Abstract:

You just received an email with the subject: “Password check required immediately”. You’re surprised, curious, maybe anxious even. You open the email and see that your ULB account has been compromised and you need to change it immediately for security reason. You click on the link http://password.ulb.oc.be/reset, you enter your credentials and you change your password. You’re safe now… or you just have been phished. Some of you, most of you, would not have gone through the entire scenario and will have detected the malicious intent of this email. But if you didn’t, you’re not alone. This scenario fooled 15% of the person who received it. During the 3rd quarter of 2017, 9,49% of a population of 400 million users were targeted by a phishing email.

Although phishing emails target the human brain, most of the research on the subject has been made by computer scientists. What makes the difference between a phishing email that will trick 4% of its targeted population and the one that hooked 38% of it? How does our brain process information in a digital context? What will trigger our vigilance? Do we need to be an expert in cyber security to avoid beeing phished? Will some trigger prevent us to be affected by common influence techniques? How can we get better at it? That’s some of the question that I will try to answer in the framework of my PhD.

As I’m just at the start of this research, my presentation will be:

– a short  review of the little I (we) know on how we process emails and how we can detect the malicious one,

– how I plan, so far, to improve our knowledge and, hopefully,

– a lot of questions and discussions to make this research better.