"Phishing for Billions: When Accuracy isn't Enough"

Users are still hesitant to use security software that can identify and delete phishing emails with near-perfect accuracy. Instead, they want to use their own discretion to detect digital deception. In the past decade, phishing attacks have resulted in billions of dollars in damages, leaving researchers baffled. In a paper titled "It's not just about accuracy: An investigation of the human factors in users' reliance on anti-phishing tools," Zachary Steelman, Sebastian Schuetz, and Rhonda Syler explore the variables that contribute to this hesitation. Not only do users want their tools to produce accurate results, but they also want to know how the tool operates. The researchers conducted two studies to gain a deeper understanding of what individuals expect from security tools. The first study demonstrated that greater tool accuracy does increase user reliance on tools. They also found that the frequency of warning alerts can affect a user's level of trust in the tool. People develop strong skepticism for programs that repeatedly mistakenly flag messages. In contrast, if a program is extremely accurate, users will have more trust in it if they receive regular alerts. People's dependence on something is heavily influenced by their level of trust. If security tools offer users accurate alerts on a regular basis, the person getting the alerts continually gains proof that they can rely on the program to direct them away from phishing attempts. If the user receives too many false alerts, the user will distrust the application and disregard the tool. This article continues to discuss the study of human factors contributing to users' reliance on anti-phishing tools. 

The University of Arkansas reports "Phishing for Billions: When Accuracy isn't Enough"