TY - GEN
T1 - Design and Evaluation of Inclusive Email Security Indicators for People with Visual Impairments
AU - Yu, Yaman
AU - Ashok, Saidivya
AU - Kaushik, Smirity
AU - Wang, Yang
AU - Wang, Gang
N1 - In this paper, we worked with a group of 41 users with visual impairments to examine the challenges they faced when interacting with phishing emails and phishing warnings. Using Gmail as a target platform, our study revealed a number of problems in the current design that made it difficult for screen reader users to notice the warning. Based on the results, we further introduced new designs to improve warning noticeability and help users recognize phishing attempts. We believe more work is needed in this research area to understand and address the challenges faced by people with visual impairments when using existing security and privacy mechanisms. Acknowledgments. We thank the anonymous reviewers for their constructive comments and suggestions. This work was supported in part by NSF grants 2030521 and 1652497 as well as a JUMP ARCHES award (P336).
PY - 2023
Y1 - 2023
AB - Due to the challenges to detect and filter phishing emails, it is inevitable that some phishing emails can still reach a user's inbox. As a result, email providers such as Gmail have implemented phishing warnings to help users to better recognize phishing attempts. Existing research has primarily focused on phishing warnings for sighted users and yet it is not well understood how people with visual impairments interact with phishing emails and warnings. In this paper, we worked with a group of users (N=41) with visual impairments to study the effectiveness of existing warnings and explore more inclusive designs (using Gmail warning designs as a baseline for comparison). We took a multipronged approach including an exploratory study (to understand the challenges faced by users), user-in-the-loop design and prototyping, and the main study (to assess the impact of design choices). Our results show that users with visual impairments often miss existing Gmail warnings because the current design (e.g., warning position, HTML tags used) does not match well with screen reader users' reading habits. The inconsistencies of the warnings (e.g., across the Standard and HTML view) also create obstacles to users. We show that an inclusive design (combining audio warning, shortcut key, and warning page overlay) can effectively increase the warning noticeability. Based on our results, we make a number of recommendations to email providers.
UR - http://www.scopus.com/inward/record.url?scp=85166465850&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85166465850&partnerID=8YFLogxK
U2 - 10.1109/SP46215.2023.10179407
DO - 10.1109/SP46215.2023.10179407
M3 - Conference contribution
AN - SCOPUS:85166465850
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 2885
EP - 2902
BT - Proceedings - 44th IEEE Symposium on Security and Privacy, SP 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 44th IEEE Symposium on Security and Privacy, SP 2023
Y2 - 22 May 2023 through 25 May 2023
ER -