SoK: Still Plenty of Phish in the Sea — A Taxonomy of User-Oriented Phishing Interventions and Avenues for Future Research

Authors: 

Anjuli Franz, Verena Zimmermann, Gregor Albrecht, Katrin Hartwig, Christian Reuter, Alexander Benlian, and Joachim Vogt, Technical University of Darmstadt

Abstract: 

Phishing is a prevalent cyber threat, targeting individuals and organizations alike. Previous approaches on anti-phishing measures have started to recognize the role of the user, who, at the center of the target, builds the last line of defense. However, user-oriented phishing interventions are fragmented across a diverse research landscape, which has not been systematized to date. This makes it challenging to gain an overview of the various approaches taken by prior works. In this paper, we present a taxonomy of phishing interventions based on a systematic literature analysis. We shed light on the diversity of existing approaches by analyzing them with respect to the intervention type, the addressed phishing attack vector, the time at which the intervention takes place, and the required user interaction. Furthermore, we highlight shortcomings and challenges emerging from both our literature sample and prior meta-analyses, and discuss them in the light of current movements in the field of usable security. With this article, we hope to provide useful directions for future works on phishing interventions.

SOUPS 2021 Open Access Videos Sponsored by
Ethyca

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {274447,
author = {Anjuli Franz and Verena Zimmermann and Gregor Albrecht and Katrin Hartwig and Christian Reuter and Alexander Benlian and Joachim Vogt},
title = {{SoK}: Still Plenty of Phish in the Sea {\textemdash} A Taxonomy of {User-Oriented} Phishing Interventions and Avenues for Future Research},
booktitle = {Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)},
year = {2021},
isbn = {978-1-939133-25-0},
pages = {339--358},
url = {https://www.usenix.org/conference/soups2021/presentation/franz},
publisher = {USENIX Association},
month = aug
}

Presentation Video