72

Personalized Guidelines for Design, Implementation and Evaluation of Anti-phishing Interventions

Abstract

Background: Current anti-phishing interventions, which typically involve one-size-fits-all solutions, suffer from limitations such as inadequate usability and poor implementation. Human-centric challenges in anti-phishing technologies remain little understood. Research shows a deficiency in the comprehension of end-user preferences, mental states, and cognitive requirements by developers and practitioners involved in the design, implementation, and evaluation of anti-phishing interventions. Aims: This study addresses the current lack of resources and guidelines for the design, implementation and evaluation of anti-phishing interventions, by presenting personalized guidelines to the developers and practitioners. Method: Through an analysis of 53 academic studies and 16 items of grey literature studies, we systematically identified the challenges and recommendations within the anti-phishing interventions, across different practitioner groups and intervention types. Results: We identified 22 dominant factors at the individual, technical, and organizational levels, that affected the effectiveness of anti-phishing interventions and, accordingly, reported 41 guidelines based on the suggestions and recommendations provided in the studies to improve the outcome of anti-phishing interventions. Conclusions: Our dominant factors can help developers and practitioners enhance their understanding of human-centric, technical and organizational issues in anti-phishing interventions. Our customized guidelines can empower developers and practitioners to counteract phishing attacks.

View on arXiv
Comments on this paper

We use cookies and other tracking technologies to improve your browsing experience on our website, to show you personalized content and targeted ads, to analyze our website traffic, and to understand where our visitors are coming from. See our policy.