Abstract
Phishing reporting is emerging as a key defense mechanism against phishing attacks. Whereas large enough organizations have specific policies in place for phishing reporting, user uptake is still limited, and a clear picture of what motivates users to report and which types of emails is still to be drawn. Yet, this is critical to devising better policies and procedures and stimulating awareness and a cyber-security culture within organizations. In this work, we sample and interview n = 49 employees from the pool of phishing reporters at a medium-sized European technical university. We sample interviewees based on how sophisticated the emails they report are over contextual and technical dimensions and cluster reporters in terms of their (emerging) reporting behavior. We conduct semi-structured interviews up to thematic saturation and derive 13 main themes driving reporting motivations. We discuss the identified themes in the broader theoretical context, as well as the practical implications of our findings.
Original language | English |
---|---|
Title of host publication | EuroUSEC '24 |
Subtitle of host publication | Proceedings of the 2024 European Symposium on Usable Security |
Editors | Farzaneh Karegar, Ali Farooq |
Place of Publication | New York |
Publisher | Association for Computing Machinery, Inc |
Pages | 30-43 |
Number of pages | 14 |
ISBN (Electronic) | 979-8-4007-1796-3 |
DOIs | |
Publication status | Published - 20 Nov 2024 |
Event | 2024 European Symposium on Usable Security, EuroUSEC 2024 - Karlstad, Sweden Duration: 30 Sept 2024 → 1 Oct 2024 |
Conference
Conference | 2024 European Symposium on Usable Security, EuroUSEC 2024 |
---|---|
Country/Territory | Sweden |
City | Karlstad |
Period | 30/09/24 → 1/10/24 |
Keywords
- Phishing
- Reporting