End User Mental Models of Social Engineering Attacks

Abstract
  • How do end users understand social engineering attacks, and how do their mental models differ from reality? To investigate, we proposed a new social engineering attack framework and ran two studies using the framework as the foundation. In the first study, we conducted 30 interviews to investigate social engineering mental models, and found that confidence and accuracy are underlying themes that affect users' mental models. In the second study, a survey, we quantified how confidence and accuracy impact mental models at different stages of an attack. We found that users tend to be overconfident in their ability to understand social engineering attacks, but hold inaccurate beliefs. They hold major misconceptions about what constitutes social engineering and about the threat levels of these attacks. Based on our results, we have proposed various educational and design opportunities to match social engineering mitigation strategies to end user mental models of social engineering.

Rights Notes
  • Copyright © 2021 the author(s). Theses may be used for non-commercial research, educational, or related academic purposes only. Such uses include personal study, research, scholarship, and teaching. Theses may only be shared by linking to Carleton University Institutional Repository and no part may be used without proper attribution to the author. No part may be used for commercial purposes directly or indirectly via a for-profit platform; no adaptation or derivative works are permitted without consent from the copyright owner.

Date Created
  • 2021
