ABSTRACT

Phishing detection and prevention have become topics of interest to researchers and the impacted parties. Phishing scams are intentionally designed to exploit humans’ weaknesses at detecting false information within cyber environments. This makes it necessary to pursue an interdisciplinary approach involving computer science and psychology to mitigate the attacks. We survey the status of phishing attacks, revealing that phishing detection and prevention are challenging because (1) the scope of the attacks keeps broadening and (2) the techniques used to perpetrate the attacks keep evolving. We examine the human information processing of the adversary and of the victim, which suggests that an asymmetry of information between the two parties is critical to the success of phishing attacks. To take advantage of such information asymmetry, we discuss alternative approaches suggested by basic cognitive psychology that use the cues provided in phishing messages to improve end users’ detection of phishing scams.