Phishing threat avoidance behaviour: An empirical investigation
Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. Phishing education needs to be considered...
Sharing Health Information on Facebook: Practices, Preferences, and Risk...
Motivated by the benefits, people have used a variety of web-based services to share health information (HI) online. Among these services, Facebook, which enjoys the largest population of active...
Snooping on Mobile Phones: Prevalence and Trends
Personal mobile devices keep private information which people other than the owner may try to access. Thus far, it has been unclear how common it is for people to snoop on one another’s devices....
Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale...
The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic. Defenses generally focus on identifying the...
I Don’t Use Apple Pay Because It’s Less Secure ...: Perception of Security...
This paper reports on why people use, not use, or have stopped using mobile tap-and-pay in stores. The results of our online survey with 349 Apple Pay and 511 Android Pay participants suggest that the...
I’m too Busy to Reset my LinkedIn Password: On the Effectiveness of Password...
A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. This paper...
Characterizing Social Insider Attacks on Facebook
Facebook accounts are secured against unauthorized access through passwords and device-level security. Those defenses, however, may not be sufficient to prevent social insider attacks, where attackers...
The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy...
Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. Prior research has shown that this method is ineffective because it fails to...
Decoupling data-at-rest encryption and smartphone locking with wearable devices
Smartphones store sensitive and confidential data, e.g., business related documents or emails. If a smartphone is stolen, such data are at risk of disclosure. To mitigate this risk, modern smartphones...
Android users in the wild: Their authentication and usage behavior
In this paper, we performed a longitudinal field study with 41 participants, who installed our monitoring framework on their Android smartphones and ran it for at least 20 days. We examined how...
Contextualizing Privacy Decisions for Better Prediction (and Protection)
Modern mobile operating systems implement an ask-on-first-use policy to regulate applications’ access to private user data: the user is prompted to allow or deny access to a sensitive resource the...
Dynamically Regulating Mobile Application Permissions
Current smartphone operating systems employ permission systems to regulate how apps access sensitive resources. These systems are not well-aligned with users’ privacy expectations: users often have no...
Forecasting Suspicious Account Activity at Large-Scale Online Service Providers
In the face of large-scale automated social engineering attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of new attacks and to...
Source Attribution of Cryptographic API Misuse in Android Applications
Recent research suggests that 88% of Android applications that use Java cryptographic APIs make at least one mistake, which results in an insecure implementation. It is unclear, however, if these...
Advancing the Understanding of Android Unlocking and Usage
Research efforts have been made towards creating mobile authentication systems to better serve users’ concerns regarding usability and security. While previous works have revealed real world smartphone...
Contextual Permission Models for Better Privacy Protection
Despite corporate cyber intrusions attracting all the attention, privacy breaches that we, as ordinary users, should be worried about occur every day without any scrutiny. Smartphones, a household...
Analysis of Data-At-Rest Security In Smartphones
With almost two billion users worldwide, smartphones are used for almost everything – booking a hotel, ordering a cup of coffee, or paying in a shop. However, small size and high mobility makes these...
Forecasting Suspicious Account Activity at Large-Scale Online Service Providers
In the face of large-scale automated social engineering attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of the attack and to...
Towards Understanding the Link Between Age and Smartphone Authentication
While previous work on smartphone (un)locking has revealed real world usage patterns, several aspects still need to be explored. In this paper, we fill one of these knowledge gaps: the interplay...
Vulnerability & Blame: Making Sense of Unauthorized Access to Smartphones
Unauthorized physical access to personal devices by people known to the owner of the device is a common concern, and a common occurrence. But how do people experience incidents of unauthorized access?...
Privacy on Social Networking Sites Among Canadian Teenagers
The widespread popularity of social networking sites (SNSs) among teenagers continually raises concerns over their safety among parents, educators, and policy makers. Although a teen’s use of such...
Amazon vs. My Brother: How Users of Shared Smart Speakers Perceive and Cope...
With the rapid adoption of smart speakers in people’s homes, there is a corresponding increase in users’ privacy and security concerns. In contrast to previous studies of users’ concerns about smart...
The Burden of Ending Online Account Sharing
Many people share online accounts, even in situations where high privacy and security are expected. Naturally, the sharing of these accounts does not endure forever. This paper reports the privacy and...
Surviving the Cryptojungle: Perception and Management of Risk Among North...
With the massive growth of cryptocurrency markets in recent years has come an influx of new users and investors, pushing the overall number of owners into the millions. At the same time, the number of...
Towards Understanding Privacy and Trust in Online Reporting of Sexual Assault
According to the United States Department of Justice, every 73 seconds, an American is sexually assaulted. However, sexual assault is under-reported. Globally, 95% of sexual assault cases are...