Eye-Tracking Phishing E-mails

Queensland University of Technology’s Nir Mazor put phishing to the test with eye tracking. Using Tobii eye trackers, Mazor set out to identify how the places we look when evaluating an e-mail relate to our susceptibility to falling for these phishing traps.


Social engineering attacks are more prevalent than ever, and the financial damage they cause is enormous. The most prevalent of such attacks is phishing: an attack (usually in the form of an e-mail) which aims to compromise the victim’s personal information by means of psychological manipulation (such as an authoritative and urgent tone of persuasion) combined with an interaction with a malicious link. The solutions developed so far are mostly technical rather than human-oriented. Unfortunately, these solutions do little to eliminate, or even reduce, the rate of phishing e-mails and the damage they cause.

This study focuses on examining the visual way in which users interact with phishing e-mails, in order to establish a recommended visual pattern of e-mail inspection. This understanding may contribute insights into how to improve inbox UI design so that it effectively highlights informative components. To achieve such insight, the study employed an eye tracker, the Tobii Glasses 2, which recorded the gazes of subjects while they made “safe”/“unsafe” decisions about 20 e-mail samples, out of which 80% were phishing e-mails. The collected data was analyzed through visual heat maps and gaze plots.

The results showed that participants who are more susceptible to phishing focus mainly on the content of the e-mail and its image (if present), while resilient participants focus more on the sender’s address and the URL (if present). Moreover, not only is the attention of the former diverted to less informative components, but their total number of gazes is also generally lower.
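The two measures the study reports, where a participant's gazes land (sender address, URL, body text, image) and how many gazes they make in total, can be computed directly from gaze coordinates once the e-mail viewer is divided into areas of interest. The following is an added example, not the study's own analysis code: the region layout, the pixel coordinates and the two participants' gaze samples are all constructed for illustration, and nothing here assumes the Tobii export format.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    """Axis-aligned area of interest in the e-mail viewer, in pixels."""
    name: str
    x0: int
    y0: int
    x1: int
    y1: int

    def contains(self, x: int, y: int) -> bool:
        return self.x0 <= x < self.x1 and self.y0 <= y < self.y1


# Constructed viewer layout (hypothetical coordinates, non-overlapping so that
# every gaze point maps to at most one region).
REGIONS = [
    Region("sender", 0, 0, 800, 60),      # From: header line
    Region("content", 0, 60, 800, 200),   # body text
    Region("image", 0, 200, 800, 400),    # embedded picture
    Region("url", 0, 400, 800, 440),      # the link the mail asks you to click
]

# The components the study found resilient participants attend to.
INFORMATIVE = ("sender", "url")


def classify_gaze(x: int, y: int, regions=REGIONS) -> str:
    """Map one gaze point to the region it falls in, or 'other'."""
    for region in regions:
        if region.contains(x, y):
            return region.name
    return "other"


def attention_profile(gazes, regions=REGIONS) -> dict:
    """Count gazes per region and express each as a share of the total."""
    counts = {region.name: 0 for region in regions}
    counts["other"] = 0
    for x, y in gazes:
        counts[classify_gaze(x, y, regions)] += 1
    total = len(gazes)
    shares = {name: (n / total if total else 0.0) for name, n in counts.items()}
    return {"total": total, "counts": counts, "shares": shares}


def informative_share(profile: dict) -> float:
    """Fraction of gazes spent on sender address and URL."""
    return sum(profile["shares"][name] for name in INFORMATIVE)


# Constructed gaze samples (x, y) for two hypothetical participants.
# A looks mostly at body text and the picture; B checks the sender and URL.
PARTICIPANT_A = [(100, 100)] * 4 + [(100, 300)] * 3 + [(100, 30)]
PARTICIPANT_B = ([(100, 30)] * 5 + [(100, 420)] * 4
                 + [(100, 100)] * 3 + [(100, 300)] + [(100, 500)])


if __name__ == "__main__":
    for label, gazes in (("A", PARTICIPANT_A), ("B", PARTICIPANT_B)):
        profile = attention_profile(gazes)
        print(f"participant {label}: {profile['total']} gazes, "
              f"informative share {informative_share(profile):.2f}, "
              f"counts {profile['counts']}")
```

Run on real recordings, the per-region shares feed the kind of heat map the study describes, and the `total` field is the gaze count the study found to be lower among susceptible participants; the region rectangles would be read from the viewer layout rather than typed in as here.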

These outcomes may lead to more effective user awareness training and to improvements in the UI of e-mail services. Most importantly, they provide a theoretical framework for future studies of this nature.
