Redesigning Phishing Defense with Phriendly Personalization

Monday, February 01, 2021 - 2:15 pm to 2:45 pm

Sanchari Das, Assistant Professor, University of Denver


Phishing is one of the most well-known cybersecurity threats. However, every day, we witness reports on several phishing attacks despite the availability of solutions, such as training and automatic warnings. Such attacks are detrimental not only to an individual but also to the data of associated people or organizations. Phishing training has been widely adopted by academia and industry without verification that such testing works. The most significant predictor that an employee will fall for a phishing attempt in real life is that they failed the training. This means that people who are not resilient against phishing before training are not resilient during or after training. We propose a radically different human-centered approach, where the interaction focuses on distinguishing the new from the familiar, and the functionality of unfamiliar websites is limited. Our research and open code pilot implements risk-limiting on websites and concurrent risk communication, taking a cue from safety engineering. The goal is to prevent instant catastrophic losses due to phishing attacks. To accomplish this, we build a functional crumple zone that slows decision time, allowing individuals who would otherwise fall for phishing to walk away unscathed. Our work not only focuses on humans but also provides the technical tools that will help build a phishing-resilient workspace.

Sanchari Das is an Assistant Professor in the Department of Computer Science in the Ritchie School of Engineering and Computer Science at the University of Denver. Her research lab, Security and Privacy Research in New-Age Technology (SPRINT), focuses on computer security, privacy, education, human-computer interaction, social computing, accessibility, and sustainability of new-age technologies.

She received her Ph.D. from Indiana University Bloomington under the supervision of Dr. L. Jean Camp. Her dissertation focused on understanding users' risk mental models to help in secure decision-making for authentication technologies. She has also worked on projects related to social media privacy, privacy policies, the economics of security, IoT device security, electronic waste security, the security of AR/VR/MR devices, and others.

She is also working as a User Experience Consultant for the secure technologies at Parity Technology and as a Global Privacy Adviser at

Earlier, she completed a Master's in Security Informatics from Indiana University Bloomington, a Master's in Computer Applications from Jadavpur University, and a Bachelor's in Computer Applications from The Heritage Academy. She has previously worked as a Security and Software Engineer for American Express, Infosys Technologies, and HCL Technologies.

Sanchari's research work has been published in several top-tier academic venues, including CHI, FC, and SOUPS. She has also presented at several security conferences, including BlackHat, RSA, BSides, Enigma, and others. These works have also received media coverage in CNET, The Register, VentureBeat, PC Magazine, Iron Geek, and other venues.

