Overview
Explore the psychology behind why people click on potentially dangerous links in this 43-minute Black Hat conference talk. Delve into the results of two user studies involving over 1600 university students, examining click rates for suspicious emails and Facebook messages. Discover how factors like curiosity, context, and personalization influence clicking behavior, despite users' awareness of potential security risks. Analyze the implications for organizational cybersecurity strategies, including the pros and cons of employee security awareness training. Consider the challenges of relying on user decision-making for protection against phishing attacks and discuss potential alternatives for more effective cybersecurity measures.
Syllabus
Introduction
Technical vs. Human Vulnerabilities
Research questions
Study Idea
Ethics: Recruitment
Ethics: Connecting Behavior with Survey
Final Design
Study 1: Survey
Study 2: Design Changes
Addressing by Name
Study 1 vs. Study 2: Survey Reliability
Study 2: Email vs. Facebook Survey Reliability
Trust Into Technical Context
Reasons for Non clicking
Limitations
Targeting
Requirements on Users
Let me introduce...
Want Your Employees Be Aware of Spear Phishing?
Pentesting & Patching Humans
Feasible User Involvement?
Key Takeaways
Taught by
Black Hat