TU Darmstadt / ULB / TUprints

SoK: Still Plenty of Phish in the Sea - A Taxonomy of User-Oriented Phishing Interventions and Avenues for Future Research

Franz, Anjuli ; Zimmermann, Verena ; Albrecht, Gregor ; Hartwig, Katrin ; Reuter, Christian ; Benlian, Alexander ; Vogt, Joachim (2023)
SoK: Still Plenty of Phish in the Sea - A Taxonomy of User-Oriented Phishing Interventions and Avenues for Future Research.
virtual Conference (08.08.2021-13.08.2021)
doi: 10.26083/tuprints-00020675
Conference or Workshop Item, Secondary publication, Publisher's Version

[img] Text
soups2021-franz.pdf
Copyright Information: CC BY 4.0 International - Creative Commons, Attribution.

Download (2MB)
[img] Slideshow
soups2021_slides_franz.pdf
Copyright Information: CC BY 4.0 International - Creative Commons, Attribution.

Download (1MB)
Item Type: Conference or Workshop Item
Type of entry: Secondary publication
Title: SoK: Still Plenty of Phish in the Sea - A Taxonomy of User-Oriented Phishing Interventions and Avenues for Future Research
Language: English
Date: 2023
Place of Publication: Darmstadt
Year of primary publication: 2021
Publisher: USENIX Association
Book Title: Proceedings of the Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)
Event Location: virtual Conference
Event Dates: 08.08.2021-13.08.2021
DOI: 10.26083/tuprints-00020675
Corresponding Links:
Origin: Secondary publication service
Abstract:

Phishing is a prevalent cyber threat, targeting individuals and organizations alike. Previous approaches on anti-phishing measures have started to recognize the role of the user, who, at the center of the target, builds the last line of defense. However, user-oriented phishing interventions are fragmented across a diverse research landscape, which has not been systematized to date. This makes it challenging to gain an overview of the various approaches taken by prior works. In this paper, we present a taxonomy of phishing interventions based on a systematic literature analysis. We shed light on the diversity of existing approaches by analyzing them with respect to the intervention type, the addressed phishing attack vector, the time at which the intervention takes place, and the required user interaction. Furthermore, we highlight shortcomings and challenges emerging from both our literature sample and prior meta-analyses, and discuss them in the light of current movements in the field of usable security. With this article, we hope to provide useful directions for future works on phishing interventions.

Status: Publisher's Version
URN: urn:nbn:de:tuda-tuprints-206754
Additional Information:

Presentation video: https://youtu.be/k8m8zGNNFBA

Classification DDC: 000 Generalities, computers, information > 004 Computer science
Divisions: 20 Department of Computer Science > Science and Technology for Peace and Security (PEASEC)
Date Deposited: 10 Feb 2023 09:54
Last Modified: 15 Aug 2023 13:22
URI: https://tuprints.ulb.tu-darmstadt.de/id/eprint/20675
PPN: 505708175
Export:
Actions (login required)
View Item View Item