Keeping Users Away from Clickbait
Social media sites such as Facebook are popular platforms for spreading clickbait, links with misleading titles that do not deliver on their promises. Not only does clickbait waste users' time, it often directs users to phishing sites and sites containing spyware and malware. In this project, we study users' clicking behavior and corresponding security mental models to better understand their vulnerability to clickbait and examine the effects of a wide range of social engineering techniques used to attract clicks from users. Our findings inform how to develop usable and effective interventions to protect users from clickbait.
Users' Awareness of, and Protection against Cyber Attacks
In this project, we investigate users' perceptions of adversaries' strategies to gain access to their devices and accounts containing personal information and sensitive credentials. We examine how users identify an unauthorized access and protect their information from cyber attacks. Our analysis reveals the gaps between users' protection techniques and recommended best practices, leading to the design of usable tools and technologies to address these gaps in users' security behavior.
Mahdi Nasrullah Al-Ameen, Huzeyfe Kocabas. ``I cannot do anything'': User's Behavior and Protection Strategy upon Losing, or Identifying Unauthorized Access to Online Account. In Symposium on Usable Privacy and Security (SOUPS). August 2020. [sp]
Sovantharith Seng, Mahdi Nasrullah Al-Ameen, Matthew Wright. Understanding Users' Decision of Clicking on Posts in Facebook with Implications for Phishing. In IEEE S&P Workshop on Technology and Consumer Protection (ConPro). May 2018.
Sovantharith Seng, Huzeyfe Kocabas, Mahdi Nasrullah Al-Ameen, Matthew Wright. Understanding User’s Decision to Interact with Potential Phishing Posts on Facebook using a Vignette Study. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). November 2019. [sp]
Sovantharith Seng, Mahdi Nasrullah Al-Ameen, Matthew Wright. Phishing on Facebook. In IEEE Symposium on Security and Privacy (IEEE S&P). May 2017. [sp]
*sp: short paper/poster session