Zheng, Sarah Ying (2024) Online scam detection using human psychology: Towards usable cybersecurity. Doctoral thesis (Ph.D), UCL (University College London).
Abstract
Online scams are taking an emotional and financial toll on people around the globe. Current scam prevention methods are thus falling short. This thesis aims to understand why people are bad at detecting online scams and to develop interventions to help people improve, using phishing e-mails as quintessential scam examples. It first presents a fundamental advance in understanding why people may have difficulties discerning honesty in online contexts. Using computational methods and a novel task, we find that worse discernment is driven by how people weight heuristics versus more cognitively demanding computations. Specifically, over-reliance on one's own behaviour led to worse discernment and higher reliance on statistical probabilities led to more accurate discernment. This finding is then applied to improve people's ability to detect phishing e-mails. People may not recognise phishing scams, because most people do not create phishing themselves. Our results suggest that engaging people with how to write phishing e-mails indeed improves detection. Next, we find that people's phishing detection ability is not related to demographic factors, user interaction styles, or negligence of e-mail sender details. Instead, poor phishing detection was related to people's lack of understanding of technical legitimacy cues and widely differing communication norms. We then show promising directions for user-centric e-mail security tools that enhance intuitive cues of legitimacy. These studies demonstrate that a deeper understanding of why people may fail to detect online scams can help develop new methods to reduce victimisation. Specifically, online legitimacy judgements may be improved by (i) policies that enforce media to recommend content that reflects true statistics of real-world phenomena, (ii) teaching people how online scams are created, and (iii) highlighting trust cues and norms for digital conduct. Individual risk-based approaches such as targeted interventions based on demographics are unwarranted by the current research.
Type: | Thesis (Doctoral) |
---|---|
Qualification: | Ph.D |
Title: | Online scam detection using human psychology: Towards usable cybersecurity |
Open access status: | An open access version is available from UCL Discovery |
Language: | English |
Additional information: | Copyright © The Author 2024. Original content in this thesis is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) Licence (https://creativecommons.org/licenses/by-nc/4.0/). Any third-party copyright material present remains the property of its respective owner(s) and is licensed under its existing terms. Access may initially be restricted at the author’s request. |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/10185728 |