Phishing has become a major attack vector for hackers and cost victims $687 million in the first half of 2012 alone. Additionally, despite technical solutions to defend against this threat, reports show that phishing attacks are increasing. There is therefore a pressing need to understand why users continue to fall victim to phishing, and how such attacks can be prevented. In this research-in-progress paper, we argue that the cognitive neuroscience of memory provides a useful lens through which to study the problem of phishing. A commonly reported finding from the field of memory is the eye movement-based memory effect, the phenomenon of people paying less visual attention to images that have been previously viewed. We aim to show in this paper that this effect holds in the context of email processing, and that the eye movement-based memory effect is a significant contributing factor to users’ susceptibility to phishing. We propose an experimental design that uses a memory task involving simulated phishing emails, and measures users’ behavioral responses and eye tracking data in response to our phishing manipulations. We further propose to show how training can be designed to help users overcome the eye movement-based memory effect and become less prone to phishing attacks.
Anderson, Bonnie; Vance, Anthony; and Eargle, David, "Is Your Susceptibility to Phishing Dependent on Your Memory?" (2013). WISP 2012 Proceedings. 40.