| Name | Description | Size | Format |
|---|---|---|---|
| | | 13.07 MB | Adobe PDF |
Advisor(s)
Abstract(s)
Phishing continues to be one of the most common and effective forms of threat in the national cybersecurity landscape. This threat exploits human vulnerabilities through visual, textual, and contextual manipulation. The aim of this dissertation was to understand the role of design and visual familiarity in users' perception of security when faced with phishing e-mails. To this end, psychological, graphic, and technical strategies present in the literature were identified, and a questionnaire structured in different sections was developed, which included sociodemographic characterization, an assessment of digital literacy and cybersecurity, and an experimental component based on the analysis of three comparative practical cases of legitimate and fraudulent e-mails.
The sample consisted of participants from different digital generations, divided into digital natives and digital immigrants, making it possible to analyze variables such as digital literacy, prior experience with phishing, and generational membership. Overall, familiarity with recognized brands was found to be the most decisive factor in the perception of legitimacy, even when associated with fraudulent messages with a low level of visual sophistication. Digital literacy also proved relevant, being associated with a greater ability to correctly identify phishing e-mails, regardless of generation. On the other hand, the presence of isolated graphic elements did not increase users' confidence, and being a customer of the imitated brands did not translate into greater vulnerability. Prior experience with phishing was strongly associated with increased self-confidence among participants, but not with objective performance, suggesting a dissociation between subjective perception and actual effectiveness.
The results lead to the conclusion that vulnerability to phishing stems mainly from the interaction between cognitive shortcuts associated with familiarity and the level of digital competence, reinforcing the need for awareness and training strategies that not only increase digital literacy but also promote critical thinking when faced with apparently legitimate messages, so as to mitigate impulsive actions in response to familiar e-mails.
Phishing remains one of the most common and effective forms of threat in the national cybersecurity landscape. This threat exploits human vulnerabilities through visual and contextual manipulation. The aim of this dissertation was to understand the role of design and visual familiarity in users' perception of security when faced with phishing e-mails. To achieve this, the study looked at psychological, graphic, and technical strategies found in the literature and developed a questionnaire with different sections, including sociodemographic characterization, digital literacy awareness, cybersecurity awareness, and an experimental approach based on analyzing three comparative scenarios of legitimate and fraudulent e-mails. The sample consisted of participants from different digital generations, divided into digital natives and digital immigrants, allowing for the analysis of variables such as digital literacy, previous experience with phishing, and generational affiliation. In general, it was found that familiarity with recognized brands is the most decisive factor in the perception of legitimacy, even when associated with fraudulent messages with a low level of visual sophistication. Digital literacy proved to be equally relevant, being linked to a greater ability to correctly identify phishing e-mails, regardless of generation. On the other hand, the isolated presence of graphic elements did not increase user confidence, and being a customer of the imitated brands did not translate into greater vulnerability. Previous experience with phishing was significantly associated with increased self-confidence among participants, but not with objective performance, suggesting a disconnect between subjective perception and actual effectiveness.
The findings lead to the conclusion that vulnerability to phishing is mainly due to the interaction between familiarity-based cognitive shortcuts and digital proficiency, reinforcing the need for awareness-raising and training strategies that not only increase digital literacy but also promote critical thinking when faced with seemingly legitimate messages, to mitigate impulsive actions when dealing with familiar e-mails.
Description
Keywords
Phishing; Social engineering; Cybersecurity; Consumer behavior; Perception of security; Design; Visual familiarity; Digital natives; Digital immigrants
