Submitted on 2025-06-19, 07:51 and posted on 2025-06-19, 07:53. Authored by Shaikha Jamal M. S. Al-Naimi.
In our increasingly digital world, phishing attacks pose a persistent threat that requires enhanced cybersecurity measures. This thesis addresses that need, highlighting a gap in our understanding of how users cognitively and behaviorally respond to phishing emails. By analyzing users’ visual and cognitive reactions to potential phishing content through two separate tests, this study aims to clarify the changes in behavior caused by malicious emails and the criteria users apply when determining an email’s legitimacy. Users interact with email content sequentially until suspicion triggers a shift to a more discrete investigative approach, focused particularly on phishing indicators. Additionally, participants who accurately identified the emails as legitimate evaluated them holistically by analyzing all components of the email. In contrast, participants who misclassified emails tended to focus on particular elements, such as URLs, suggesting a targeted but narrower detection strategy. Nevertheless, our study’s findings highlight the differences in decision criteria among all users, demonstrating that the decision-making process is inherently subjective. Given these insights, as well as the limitations of the study, including its controlled environment and the narrow range of email types, future research should focus on improving cybersecurity measures by studying more natural email interactions across a broader spectrum of email types to develop nuanced prevention strategies against phishing.