Judging Phishing Under Uncertainty: How Do Users Handle Inaccurate Automated Advice?

Abstract

Providing accurate and actionable advice about phishing emails is challenging. The majority of advice is generic and hard to implement. Phishing emails that pass through filters and land in user inboxes are usually sophisticated and exploit differences between how humans and computers interpret emails. Therefore, users need accurate and relevant guidance to take the right action. This study investigates the effectiveness of guidance based on features extracted from emails, which even in AI-driven systems can sometimes be inaccurate, leading to poor advice. We examined three conditions: control (generic advice), perfect advice, and realistic advice, through an online survey of 489 participants on Prolific, and measured user accuracy and confidence in phishing detection with and without guidance. Our findings indicate that having advice specific to the email is more effective than generic guidance (control). Inaccuracies in the guidance can also impact user decisions and reduce detection accuracy.

Award
Honorable Mention
Authors
Tarini Saka
University of Edinburgh, Edinburgh, United Kingdom
Kalliopi Vakali
University of Edinburgh, Edinburgh, United Kingdom
Adam D G. Jenkins
King's College London, London, United Kingdom
Nadin Kokciyan
University of Edinburgh, Edinburgh, United Kingdom
Kami Vaniea
University of Waterloo, Waterloo, Ontario, Canada
DOI

10.1145/3706598.3714267

Paper URL

https://dl.acm.org/doi/10.1145/3706598.3714267

Conference: CHI 2025

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)

Session: Working with AI (or not)

Annex Hall F205
5 presentations
2025-04-30 18:00:00
2025-04-30 19:30:00