LASIGE alumnus João Janeiro, PhD student Sérgio Alves, and Tiago Guerreiro published a paper at IEEE Security and Privacy on “Understanding Phishing Experiences of Screen Reader Users”. We regularly encounter phishing attempts and pay attention to visual details to detect the attacks. Current defenses also rely on warnings and icons placed somewhere in a browser or a webpage. How are attacks and defenses experienced by people with visual impairments, who consume digital content sequentially through screen readers, most of the time with abrupt jumps to specific sections? Hypothetically, some attacks may be easier to detect (e.g., when a URL is spelled out, a wrong character may be easier to notice) while others may be harder (e.g., a visual change on the page, or a visual warning that is not high up in the DOM tree and may be missed). In this paper, we interviewed screen reader users about their awareness of and experiences with phishing, and performed a second laboratory study where we exposed participants to fabricated examples of webpages with and without phishing attempts; we report both their strategies and their assessment to detect and avoid attacks.
The paper was the product of a collaboration between LASIGE and Florian Alt and Verena Distler of the Usable Security and Privacy Group at the University of the Bundeswehr, Munich, and is available here.