Security for Vulnerable Populations—On the Interplay of Weapons of Influence and Life Domains in Predicting Older Adults' Susceptibility to Spear-Phishing Emails

Tuesday, January 31, 2017 - 2:30pm3:00pm

Daniela Oliveira, Associate Professor, University of Florida

Abstract: 

Older adults constitute a vulnerable population for online social engineering attacks because of their cognition decline with age, including deception sensitivity. They are the fastest-growing segment of the U.S. population, control over half of the financial wealth, and occupy many positions of power.

Spear-phishing emails are used as a central component in many cyber-attacks. Successful emails employ psychological weapons of influence (e.g., scarcity), and relevant life domains (e.g., health) to deceive victims. This talk discusses older adults’ susceptibility to spear-phishing emails as a function of weapon of influence and life domain. A 21-day study was conducted with 83 participants (young and older adults) with data collection at the participants’ homes. Our results show that older users, especially older women, were more susceptible to phishing than younger users. While younger users were susceptible to a few weapons of influence and life domains, older users were susceptible to a variety of them. Further, there was a discrepancy, particularly among older users, between self-reported susceptibility awareness and actual susceptibility. Our results could lead to a well-grounded next generation of phishing defense solutions and training, which would take into account user age, weapons of influence, and life domains, to be effective.

Daniela Oliveira, Associate Professor, University of Florida

Daniela Oliveira is an Associate Professor in the Department of Electrical and Computer Engineering at the University of Florida. She received her BS and MS degrees in Computer Science from the Federal University of Minas Gerais in Brazil. She then earned her PhD in Computer Science from the University of California, Davis. Her main research interest is interdisciplinary computer security, where she employs successful ideas from other fields to make computer systems more secure. Her current research interests include adding uncertainty to OS behavior to increase attackers’ work factor, understanding and addressing spear phishing susceptibility, cross-layer and personalized security, and understanding developer’s security blind spots. She received a National Science Foundation CAREER Award in 2012 for her innovative research into operating systems' defense against attacks using virtual machines and the 2014 NSF Presidential Early Career Award for Scientists and Engineers (PECASE) by President Obama. She is a National Academy of Sciences Kavli Frontiers of Science Fellow and a National Academy of Engineers Frontiers of Engineering Symposium Alumni. Her research has been sponsored by the National Science Foundation (NSF), Defense Advanced Research Projects Agency (DARPA), and MIT Lincoln Laboratory.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@conference {201683,
author = {Daniela Oliveira},
title = {Security for Vulnerable {Populations{\textemdash}On} the Interplay of Weapons of Influence and Life Domains in Predicting Older Adults{\textquoteright} Susceptibility to {Spear-Phishing} Emails},
year = {2017},
address = {Oakland, CA},
publisher = {USENIX Association},
month = jan
}

Presentation Video