-
Digital Privacy for Migrants: Exploring Current Research Trends and Future Prospects
Authors:
Sarah Tabassum,
Cori Faklaris
Abstract:
This paper explores digital privacy challenges for migrants, analyzing trends from 2013 to 2023. Migrants face heightened risks such as government surveillance and identity theft. Understanding these threats is vital for raising awareness and guiding research towards effective solutions and policies to protect migrant digital privacy.
Submitted 4 June, 2024;
originally announced June 2024.
-
Mitigating Smishing: Challenges and Future Work
Authors:
Cori Faklaris
Abstract:
This paper describes three principal challenges in smishing mitigation - limitations of device affordances, complexity of infrastructure, and cognitive and contextual factors of mobile device use. We give a high-level overview of ideas that can mitigate smishing and work around these challenges.
Submitted 25 January, 2024;
originally announced January 2024.
-
Preliminary Results from a U.S. Demographic Analysis of SMiSh Susceptibility
Authors:
Cori Faklaris,
Heather Richter Lipford,
Sarah Tabassum
Abstract:
As adoption of mobile phones has skyrocketed, so have scams involving them. The text method is called SMiShing, (aka SMShing, or smishing) in which a fraudster sends a phishing link via Short Message Service (SMS) text to a phone. However, no data exists on who is most vulnerable to SMiShing. Prior work in phishing (its e-mail cousin) indicates that this is likely to vary by demographic and contextual factors. In our study, we collect this data from N=1007 U.S. adult mobile phone users. Younger people and college students emerge in this sample as the most vulnerable. Participants struggled to correctly identify legitimate messages and were easily misled when they knew they had an account with the faked message entity. Counterintuitively, participants with higher levels of security training and awareness were less correct in rating possible SMiSH. We recommend next steps for researchers, regulators and telecom providers.
Submitted 12 September, 2023;
originally announced September 2023.
-
Experimental Evidence for Using a TTM Stages of Change Model in Boosting Progress Toward 2FA Adoption
Authors:
Cori Faklaris,
Laura Dabbish,
Jason I. Hong
Abstract:
Behavior change ideas from health psychology can also help boost end user compliance with security recommendations, such as adopting two-factor authentication (2FA). Our research adapts the Transtheoretical Model Stages of Change from health and wellness research to a cybersecurity context. We first create and validate an assessment to identify workers on Amazon Mechanical Turk who have not enabled 2FA for their accounts as being in Stage 1 (no intention to adopt 2FA) or Stages 2-3 (some intention to adopt 2FA). We randomly assigned participants to receive an informational intervention with varied content (highlighting process, norms, or both) or not. After three days, we again surveyed workers for Stage of Amazon 2FA adoption. We found that those in the intervention group showed more progress toward action/maintenance (Stages 4-5) than those in the control group, and those who received content highlighting the process of enabling 2FA were significantly more likely to progress toward 2FA adoption. Our work contributes support for applying a Stages of Change Model in usable security.
Submitted 13 May, 2022;
originally announced May 2022.
-
Do They Accept or Resist Cybersecurity Measures? Development and Validation of the 13-Item Security Attitude Inventory (SA-13)
Authors:
Cori Faklaris,
Laura Dabbish,
Jason I. Hong
Abstract:
We present SA-13, the 13-item Security Attitude inventory. We develop and validate this assessment of cybersecurity attitudes by conducting an exploratory factor analysis, confirmatory factor analysis, and other tests with data from a U.S. Census-weighted Qualtrics panel (N=209). Beyond a core six indicators of Engagement with Security Measures (SA-Engagement, three items) and Attentiveness to Security Measures (SA-Attentiveness, three items), our SA-13 inventory adds indicators of Resistance to Security Measures (SA-Resistance, four items) and Concernedness with Improving Compliance (SA-Concernedness, three items). SA-13 and the subscales exhibit desirable psychometric qualities; and higher scores on SA-13 and on the SA-Engagement and SA-Attentiveness subscales are associated with higher scores for security behavior intention and for self-reported recent security behaviors. SA-13 and the subscales are useful for researchers and security awareness teams who need a lightweight survey measure of user security attitudes. The composite score of the 13 indicators provides a compact measurement of cybersecurity decisional balance.
Submitted 6 April, 2022;
originally announced April 2022.
-
Decentralized is not risk-free: Understanding public perceptions of privacy-utility trade-offs in COVID-19 contact-tracing apps
Authors:
Tianshi Li,
Jackie Yang,
Cori Faklaris,
Jennifer King,
Yuvraj Agarwal,
Laura Dabbish,
Jason I. Hong
Abstract:
Contact-tracing apps have potential benefits in helping health authorities to act swiftly to halt the spread of COVID-19. However, their effectiveness is heavily dependent on their installation rate, which may be influenced by people's perceptions of the utility of these apps and any potential privacy risks due to the collection and releasing of sensitive user data (e.g., user identity and location). In this paper, we present a survey study that examined people's willingness to install six different contact-tracing apps after informing them of the risks and benefits of each design option (with a U.S.-only sample on Amazon Mechanical Turk, $N=208$). The six app designs covered two major design dimensions (centralized vs decentralized, basic contact tracing vs. also providing hotspot information), grounded in our analysis of existing contact-tracing app proposals.
Contrary to assumptions of some prior work, we found that the majority of people in our sample preferred to install apps that use a centralized server for contact tracing, as they are more willing to allow a centralized authority to access the identity of app users rather than allowing tech-savvy users to infer the identity of diagnosed users. We also found that the majority of our sample preferred to install apps that share diagnosed users' recent locations in public places to show hotspots of infection. Our results suggest that apps using a centralized architecture with strong security protection to do basic contact tracing and providing users with other useful information such as hotspots of infection in public places may achieve a high adoption rate in the U.S.
Submitted 25 May, 2020;
originally announced May 2020.
-
An Exploration of User and Bystander Attitudes About Mobile Live-Streaming Video
Authors:
Cori Faklaris,
Asa Blevins,
Matthew O'Haver,
Neha Singhal,
Francesco Cafaro
Abstract:
Thanks to mobile apps such as Periscope and Facebook Live, live-streaming video is having a moment again. It has not been clear, however, to what extent the current ubiquity of smartphones is impacting this technology's acceptance in everyday social situations and how mobile contexts or affordances will affect and be affected by shifts in social norms and policy debates regarding privacy, surveillance and intellectual property. This ethnographic-style research explores familiarity with and attitudes about mobile live-streaming video and related legal and ethical issues among a sample of "Middle America" participants at two typical outdoor social events: sports tailgating and a rooftop party. In situ observations of n=110 bystanders to the use of a smartphone, including interviews with n=20, revealed that many are not fully aware of when their image or speech is being live-streamed in a casual context and want stronger notifications of and ability to consent to such broadcasting.
Submitted 18 February, 2019;
originally announced February 2019.