skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


  • Home
  • Search Results
  • Page 1 of 1

Search for: All records

Creators/Authors contains: "Nthala, Norbert"

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. ; ; (, Symposium on Usable Privacy and Security)
    null (Ed.)
    Phishing emails are scam communications that pretend to be something they are not in order to get people to take actions they otherwise would not. We surveyed a demographically matched sample of 297 people from across the United States and asked them to share their descriptions of a specific experience with a phishing email. Analyzing these experiences, we found that email users' experiences detecting phishing messages have many properties in common with how IT experts identify phishing. We also found that email users bring unique knowledge and valuable capabilities to this identification process that neither technical controls nor IT experts have. We suggest that targeting training toward how to use this uniqueness is likely to improve phishing prevention. 
    more » « less
    Accepted Manuscript Full Text Available
  2. ; (, Workshop on Consumer Protection)
    null (Ed.)
    Email remains one of the most widely used methods of communication globally. However, successful phishing email attacks and subsequent costs remain unreasonably high despite technical advances in defenses that limit phishing scams. In this paper, we examine human detection of phishing. We found that non-experts go through four different sensemaking processes to determine if an email is a phishing message; they use different knowledge and skills to become suspicious differently in each process. Additionally, non-experts rely on their social connections as an investigative tool to determine if an email is a phishing scam. We discuss the impact of our findings on phishing training and technology. 
    more » « less
    Accepted Manuscript Full Text Available