Indiana University Bloomington

Luddy School of Informatics, Computing, and Engineering

Technical Report TR649:
Deceit and Deception: A Large User Study of Phishing

Alex Tsow and Markus Jakobsson
(Aug 2007), 46 pages
Abstract:
This study is a large-scale investigation of trust manipulation tactics used by phishing web sites and email messages. The experiment focuses on media authenticity evaluations, rather than content credibility with the assumption that its authors are known. It tests the effect of features ranging from URL plausibility to trust endorsement graphics on a population of 398 subjects. The experiment presents these trust indicators in a variety of stimuli since reactions will vary according to context. In addition to testing specific features, the test gauges the potential of a phishing tactic that spoofs third-party program administrators rather than a brand itself. The results show that graphic design can indeed change authenticity evaluations and that its impact varies with context. We expected that authenticity-inspiring design changes would have the opposite effect when paired with an unreasonable request; however, our data suggest that narrative strength, rather than underlying legitimacy, limits the impact of graphic design on trust and that these authenticity-inspiring design features improve trust in both genuine and forged media.
