Phishing is one of the most widespread and effective cyber-attacks of our times. Warning messages are commonly employed in email clients to notify users about the possible danger and let them decide on their own. However, the high success rate of phishing attacks shows that the existing warnings are not yet adequate. This study contributes by proposing two novel warning dialogs for email clients that prevent users from immediately accessing the content of phishing emails. Specifically, the first one alerts users to the potential scam, and the second one also reports explanations about the possible causes of the scam. A comparative between-subjects experiment with 300 participants has been performed. Results show that the proposed warnings defend users from phishing emails better than state-of-the-art warnings. In addition, explanations proved useful in preventing users from discarding genuine emails where warnings are displayed incorrectly due to misclassification of the email.
Buono, P., Desolda, G., Greco, F., & Piccinno, A. (2023). Let warnings interrupt the interaction and explain: designing and evaluating phishing email warnings. In Conference on Human Factors in Computing Systems - Proceedings. Association for Computing Machinery. https://doi.org/10.1145/3544549.3585802