Stop the Clock - Counteracting Bias Exploited by Attackers through an Interactive Augmented Reality Phishing Training

要旨

Phishing attacks become increasingly sophisticated in targeting humans and exploiting cognitive biases, e.g., through inducing authority or urgency. Previous approaches to user training focused on URL warnings, textual, or click-based training, yielding mixed results. For more interactive training, uncoupled from users’ screens, we explore the potential of Augmented Reality (AR) technologies to enhance phishing detection. Through visual representations of biases that attackers typically exploit and gesture-based interactions with them, the training aims to enable users to counteract cognitive biases by increasing awareness and suspicion. In a laboratory study with N=117 users, we evaluated phishing detection rates, user interaction with, and feedback on the AR-based training in comparison with a click-based variant and a control condition. Our results show that interactive phishing training addressing cognitive biases increased detection rates by 33% and that interactive elements were well perceived. AR technologies further enhance the training.

著者
Lorin Schöni
ETH Zurich, Zurich, Switzerland
Martin Strohmeier
armasuisse, Thun, Switzerland
Ivo Sluganovic
PhishAR, Oxford, United Kingdom
Verena Zimmermann
ETH Zürich, Zürich, Switzerland
DOI

10.1145/3706598.3714023

論文URL

https://dl.acm.org/doi/10.1145/3706598.3714023

動画

会議: CHI 2025

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)

セッション: Innovative Training Technologies

Annex Hall F203
7 件の発表
2025-04-29 01:20:00
2025-04-29 02:50:00
日本語まとめ
読み込み中…