Abstract:

This paper presents a study of the Human Computer Interaction (HCI) in the web browsing domain while users are under the strain of a real life phishing attack as a security risk. It focuses on the natural and spontaneous behavior of the victim’s eyes areas of interest and flows in web browsers interface. An eye tracking experiment and its results provide quantitative evidence of the usability of visual security indicators and design vulnerability in web browsers. We first categorized a large set of websites and created phishing Webpages using most known phishing techniques, and then a group of users took the real life phishing experiment on eye tracking machine. We found that the simplicity approach in web design causes more damage rather than helping in online security, and that the current sleek design of web browsers acts like a funnel that traps users into providing their credentials and overlook the security indicators. The results also show the security certificate cues was not looked by the participants to determine the legitimacy of the presented websites. Our main contribution is the user-centric definition of HCI in cyber security and to help prepare for the next generation of web browser