Security toolbars in a web browser show security-related information about a website to help users detect phishing attacks. Because the toolbars are designed for humans to use, they should be evaluated for usability – that is, whether these toolbars really prevent users from being tricked into providing personal information. We conducted two user studies of three security toolbars and other browser security indicators and found them all ineffective at preventing phishing attacks. Even though subjects were asked to pay attention to the toolbar, many failed to look at it; others disregarded or explained away the toolbars ’ warnings if the content of web pages looked legitimate. We found that many subjects do not understand phishing attacks or realize how sophisticated such attacks can be.

Automation is often problematic because people fail to rely upon it appropriately. Because people respond to technology socially, trust influences reliance on automation. In particular, trust guides reliance when complexity and unanticipated situations make a complete understanding of the automation impractical. This review considers trust from the organizational, sociological, interpersonal, psychological, and neurological perspectives. It considers how the context, automation characteristics, and cognitive processes affect the appropriateness of trust. The context in which the automation is used influences automation performance and provides a goal-oriented perspective to assess automation characteristics along a dimension of attributional abstraction. These characteristics can influence trust through analytic, analogical, and affective processes. The challenges of extrapolating the concept of trust in people to trust in automation are discussed. A conceptual model integrates research regarding trust in automation and describes the dynamics of trust, the role of context, and the influence of display characteristics. Actual or potential applications of this research include improved designs of systems that require people to manage imperfect automation.

Many popular web browsers now include active phishing warnings since research has shown that passive warnings are often ignored. In this laboratory study we examine the effectiveness of these warnings and examine if, how, and why they fail users. We simulated a spear phishing attack to expose users to browser warnings. We found that 97% of our sixty participants fell for at least one of the phishing messages that we sent them. However, we also found that when presented with the active warnings, 79 % of participants heeded them, which was not the case for the passive warning that we tested—where only one participant heeded the warnings. Using a model from the warning sciences we analyzed how users perceive warning messages and offer suggestions for creating more effective phishing warnings. Figure 1. The active Internet Explorer 7.0 phishing warning. Author Keywords Phishing, warning messages, mental models, usable privacy

Web users are shown an invalid certificate warning when their browser cannot validate the identity of the websites they are visiting. While these warnings often appear in benign situations, they can also signal a man-in-the-middle attack. We conducted a survey of over 400 Internet users to examine their reactions to and understanding of current SSL warnings. We then designed two new warnings using warnings science principles and lessons learned from the survey. We evaluated warnings used in three popular web browsers and our two warnings in a 100participant, between-subjects laboratory study. Our warnings performed significantly better than existing warnings, but far too many participants exhibited dangerous behavior in all warning conditions. Our results suggest that, while warnings can be improved, a better approach may be to minimize the use of SSL warnings altogether by blocking users from making unsafe connections and eliminating warnings in benign situations. 1

This paper identifies hyperlink network analysis (HNA) as a newly emerging methodology. It suggests that social (or communication) structures on the web may be analyzed based on the hyperlinks among websites. Hyperlink network analysis has advantages in describing emerging structures among social actors on the web. In order to examine what constitutes hyperlink network analysis, this paper reviews prior research on the topic. Further, it describes the data-gathering techniques for those interested in hyperlink network analysis.

This research examines the pattern of Web information seeking in four groups of nurses with different combinations of domain expertise and Web expertise. Protocols were gathered as the nurses carried out information-seeking tasks in the domain of osteoporosis. Domain and Web novices searched breadth-first and did little or no evaluation of the results. Domain expert/Web novices also searched breadth-first but evaluated information more thoroughly using osteoporosis knowledge. Domain novice/Web experts searched in a mixed, breadth-first/depth-first pattern and attempted to evaluate information using general criteria. Domain expert/Web experts carried out depth-first searches, following deep trails of information and evaluated information based on the most varied and sophisticated criteria. The results suggest that there are distinct differences in searching patterns related to expertise. Implications of these findings and suggestions for future research are provided.

Through iterative design and testing, we developed a procedure for conducting online experiments. Using this research method, we conducted two recent studies on Web credibility. The data from the first study suggest that Web banner ads reduce the perceived credibility of a Web page’s content. The data from the second study show that attribution elements—in this case, author photographs—can also affect the credibility of Web content. This research method and our early results have implications for both HCI researchers and Web site designers.

An understanding of how people allocate their visual attention when viewing Web pages is very important for Web authors, interface designers, advertisers, etc. Such an understanding could open the door to a variety of innovations, ranging from improved Web page design to the creation of compact, yet recognizable, visual representations of long pages. We present an eye-tracking study in which 20 users viewed 361 Web pages while conducting both information foraging and page recognition tasks. We introduce the concept of fixation impact, a new method motivated by findings in vision research for mapping gaze data to Web page elements. Based on the recorded eye-tracking data, we describe general locationbased characteristics of visual attention for Web pages dependent on different tasks and demographics, and generate a model for predicting the visual attention that individual page elements may receive.

Many commerce websites post privacy policies to address Internet shoppers ’ privacy concerns. However, few users read or understand them. Iconic privacy indicators may make privacy policies more accessible and easier for users to understand: in this paper, we examine whether the timing and placement of online privacy indicators impact Internet users’ browsing and purchasing decisions. We conducted a laboratory study where we controlled the placement of privacy information, the timing of its appearance, the privacy level of each website, and the price and items being purchased. We found that the timing of privacy information had a significant impact on how much of a premium users were willing to pay for privacy. We also found that timing had less impact when users were willing to examine multiple websites. Finally, we found that users paid more attention to privacy indicators when purchasing privacy-sensitive items than when purchasing items that raised minimal privacy concerns. Author Keywords Privacy, privacy policies, website indicators, mental models,

This chapter reviews the theoretical and empirical literature on the concept of credibility