As people have more information about themselves available online, and with more data breaches occurring, it is simple for scammers to use credible information to build trust and initiate spear phishing attacks. The victims are then left with their personal identity information compromised and/or financially distressed. Social engineering attacks are difficult to combat, and especially difficult to recover from in terms of financially, psychologically, and more. How might we help consumers protect themselves from these phishing scams—specifically ones that occur over the phone and particularly when they use social engineering tactics? We aim to explore potential solutions to better protect consumers based on data we collect on phone phishing attacks, or known as vishing. The first phase of our research involves information gathering through in-depth interviews and scraping online sources to build an understanding of social engineering tactics in vishing attacks. The second phase then uses the information to design a prototype of a tool for consumers to protect themselves against social engineering tactics. Our human-centered design approach aims to produce a solution through design iterations and usability testing, given the current lack of effective resources available for consumers to combat social engineering tactics through vishing.
Grant / August 2019