Guide | Kat Gibbs, Sophie Nightingale | Multimodal biometrics: A better security system? | 5 min read
Report | John Blythe, Alan Gray, Francesca Willis, Emily Collins | Simulated Phishing And Employee Cybersecurity Behaviour (SPEC) | 2 min read
Article | David Buil-Gil, Jose Pina-Sánchez, Ian Brunton-Smith, Alexandru Cernat | Bad Data, Worse Predictions | 4 min read
Article | Oli Buckley, Heather Shaw, Leon Reicherts, Richard Philpot, Mark Levine | Technology Lightning Articles | 7 min read
Article | Sophie Nightingale | Identity fraud in the digital age | 4 min read
Article | Marion Oswald | ‘Give Me a Ping, Vasili. One Ping Only’ Why the Success of Machine Learning Depends on Empowered People | 6 min read
Article | Emma Boakes | Converging security | 4 min read
Article | Carl Miller | China’s Digital Diplomacy | 10 min read
Article | Ben Marshall | Putting the Behaviour into Behavioural Analytics | 4 min read
Article | Jason Nurse | Balancing Cybersecurity and Privacy in the Remote Workforce | 4 min read
Guide | Chris Baber, Ian Apperly, Emily McCormick | AI and System Developers | 4 min read
Article | Emily Collins, Phillip Morgan, Dylan Jones | If This Then…What? Security And Privacy In Trigger-Action Systems | 3 min read
Report | Emma Slade, Emma Williams, Duncan Hodges, Phillip Morgan, Dylan Jones, Bill Macken, Emily Collins, Tasos Spiliotopoulos | Individual Differences in the Adoption, Secure Use, and Exploitation of Smart Home Technology | 4 min read
Article | Emma Williams, Emma Slade | What Influences Consumer Adoption and Secure Use of Smart Home Technology? | 3 min read
Article | Duncan Hodges | Mapping Smart Home Vulnerabilities to Cyber-Enabled Crime | 3 min read
Report | Nick Neave, Pam Briggs, Liz Sillence, Kerry McKellar (Lakey) | Cybersecurity risks of digital hoarding behaviours | 1 min read
Policy brief | John Blythe | Phishing your staff: A double-edged sword? | 5 min read
Article | Nick Neave | The Risks of Digital Hoarding | 3 min read
Article | Kristoffer Geyer | Understanding digital traces | 4 min read
Article | Emma Boakes | How Do Security Teams Collaborate To Understand Threats to Their Building Management Systems? | 4 min read
Article | Jason Nurse | Cyber Resilience: What Is It and How Do We Get It? | 5 min read
Article | Aaron Roberts, Neville Stanton | Go with the (Information) Flow? How to Develop more Resilient Sociotechnical Systems | 4 min read
Article | Pip Thornton | Words as Data: The Vulnerability of Language in an Age of Digital Capitalism | 5 min read
Policy brief | Martin Innes | Russian influence and interference measures following the 2017 UK terrorist attacks | 1 min read
Article | Awais Rashid, Sylvain Frey | Cyber security decisions: how do you make yours? | 3 min read
Article | Thilo Gross | Things that spread: Epidemics on networks | 4 min read
Poster | Adam Joinson | Mind Map: The Bluffers Guide To Networks | 3 min read
Article | Emma Williams | What Makes People Susceptible to Malevolent Influence Online? | 3 min read
Article | Emma Williams, Debi Ashenden | Phishing Scams Are Becoming Ever More Sophisticated And Firms Are Struggling To Keep Up | 4 min read
Article | Matthew Williams, Pete Burnap | Cyber crime and the social web | 3 min read
Article | René Rydhof Hansen, Lizzie Coles-Kemp | Everyday Security: A Manifesto for New Approaches to Security Modelling | 3 min read
Article | Tim Stevens | Cyber security and the politics of time | 4 min read
Article | Marcus Rogers | Hacker Mindset | 3 min read
Article | Jeremy Watson, Emil Lupu | PETRAS: Cyber Security of the Internet of Things | 3 min read
Article | Debi Ashenden | Fact Check: The Cyber Security Attack Surface | 4 min read
Article | Debi Ashenden | Creativity and Cyber Security | 2 min read
Article | Joanne Hinds | How Does Phishing Work? | 3 min read
Guide | Adam Joinson, Joanne Hinds | Introductory Guide to Phishing | 1 min read
Article | Emma Barrett, Matthew Francis | Terrorists’ use of messaging applications | 3 min read
Article | Debi Ashenden | Your Employees: The Front Line in Cyber Security | 10 min read
Article | Debi Ashenden | TalkTalk Data Breach Is a Wake Up Call for CEOs | 3 min read

Fuzzy constructs in technology usage scales

The mass adoption of digital technologies raises questions about how they impact people and society. Associations between technology use and negative correlates (e.g., depression and anxiety) remain common. However, pre-registered studies have failed to replicate these findings. Regardless of direction, many designs rely on psychometric scales that claim to define and quantify a construct associated with technology engagement. These often suggest clinical manifestations present as disorders or addictions. Given their importance for research integrity, we consider what these scales might be measuring. Across three studies, we observe that many psychometric scales align with a single, identical construct despite claims they capture something unique. We conclude that many technology measures appear to measure a similar, poorly defined construct that sometimes overlaps with pre-existing measures of well-being. Social scientists should critically consider how they proceed methodologically and conceptually when developing psychometric scales in this domain to ensure research findings sit on solid foundations.


Brittany I. Davidson, Heather Shaw, David A. Ellis, (2022) Fuzzy constructs in technology usage scales, Computers in Human Behavior, Volume 133,

Authors: Brittany Davidson, Heather Shaw, David Ellis
https://doi.org/10.1016/j.chb.2022.107206
Cyber-enabled burglary of smart homes

Over the last few years, there has been a steady increase in smart home technology's pervasiveness, to the degree where consumer IoT is part of many homes. As our homes become complex cyber-physical spaces, the risk to our physical security from attacks originating in cyberspace becomes much more significant. Within the literature, there is much discussion about the technical vulnerabilities within the smart home. However, this is often not linked to a rich understanding of how an attacker could exploit them. In this paper, we focus on residential burglary and develop a rich understanding of the process by which residential burglary is committed and the effect of the smart home on this process. By combining two areas of the academic literature, residential burglary and smart-home security, this paper provides an academically grounded discussion that places the nascent vulnerabilities associated with the smart-home into the context of the process by which burglary is committed. The commission of residential burglary is a complex decision-making process, which the public often simplifies into planned or unplanned crimes; this is a dangerous oversimplification. The analysis identifies some increased risk during the target selection stage phase. However, in the short term, residential burglars are unlikely to exploit smart home technology routinely.


Hodges, Duncan. (2021). Cyber-Enabled Burglary of Smart Homes. Computers & Security. 110. 102418

Author: Duncan Hodges
https://doi.org/10.1016/j.cose.2021.102418
Quantifying smartphone “use”: Choice of measurement impacts relationships between “usage” and health

Problematic smartphone scales and duration estimates of use dominate research that considers the impact of smartphones on people and society. However, issues with conceptualization and subsequent measurement can obscure genuine associations between technology use and health. Here, we consider whether different ways of measuring “smartphone use,” notably through problematic smartphone use (PSU) scales, subjective estimates, or objective logs, lead to contrasting associations between mental and physical health. Across two samples including iPhone (n = 199) and Android (n = 46) users, we observed that measuring smartphone interactions with PSU scales produced larger associations between mental health when compared with subjective estimates or objective logs. Notably, the size of the relationship was fourfold in Study 1, and almost three times as large in Study 2, when relying on a PSU scale that measured smartphone “addiction” instead of objective use. Further, in regression models, only smartphone “addiction” scores predicted mental health outcomes, whereas objective logs or estimates were not significant predictors. We conclude that addressing people’s appraisals including worries about their technology usage is likely to have greater mental health benefits than reducing their overall smartphone use. Reducing general smartphone use should therefore not be a priority for public health interventions at this time.

(From the journal abstract)


Shaw, H., Ellis, D. A., Geyer, K., Davidson, B. I., Ziegler, F. V., & Smith, A. (2020). Quantifying smartphone “use”: Choice of measurement impacts relationships between “usage” and health. Technology, Mind, and Behavior, 1(2).

https://doi.org/10.1037/tmb0000022
Understanding the Psychological Process of Avoidance-Based Self-Regulation on Facebook

In relation to social network sites, prior research has evidenced behaviors (e.g., censoring) enacted by individuals used to avoid projecting an undesired image to their online audiences. However, no work directly examines the psychological process underpinning such behavior. Drawing upon the theory of self-focused attention and related literature, a model is proposed to fill this research gap. Two studies examine the process whereby public self-awareness (stimulated by engaging with Facebook) leads to a self-comparison with audience expectations and, if discrepant, an increase in social anxiety, which results in the intention to perform avoidance-based self-regulation. By finding support for this process, this research contributes an extended understanding of the psychological factors leading to avoidance-based regulation when online selves are subject to surveillance.

(From the journal abstract)


Marder, B., Houghton, D., Joinson, A., Shankar, A., & Bull, E. (2016). Understanding the Psychological Process of Avoidance-Based Self-Regulation on Facebook. Cyberpsychology, Behavior, and Social Networking, 19(5), 321–327.

https://doi.org/10.1089/cyber.2015.0564
Measurement practices exacerbate the generalizability crisis: Novel digital measures can help

Psychology’s tendency to focus on confirmatory analyses before ensuring constructs are clearly defined and accurately measured is exacerbating the generalizability crisis. Our growing use of digital behaviors as predictors has revealed the fragility of subjective measures and the latent constructs they scaffold. However, new technologies can provide opportunities to improve conceptualizations, theories, and measurement practices.

(From the journal abstract)


Davidson, B. I., Ellis, D. A., Stachl, C., Taylor, P., & Joinson, A. (2021). Measurement practices exacerbate the generalizability crisis: Novel digital measures can help [Preprint]. PsyArXiv.

https://doi.org/10.31234/osf.io/8abzy
What demographic attributes do our digital footprints reveal? A systematic review

To what extent does our online activity reveal who we are? Recent research has demonstrated that the digital traces left by individuals as they browse and interact with others online may reveal who they are and what their interests may be. In the present paper we report a systematic review that synthesises current evidence on predicting demographic attributes from online digital traces. Studies were included if they met the following criteria: (i) they reported findings where at least one demographic attribute was predicted/inferred from at least one form of digital footprint, (ii) the method of prediction was automated, and (iii) the traces were either visible (e.g. tweets) or non-visible (e.g. clickstreams). We identified 327 studies published up until October 2018. Across these articles, 14 demographic attributes were successfully inferred from digital traces; the most studied included gender, age, location, and political orientation. For each of the demographic attributes identified, we provide a database containing the platforms and digital traces examined, sample sizes, accuracy measures and the classification methods applied. Finally, we discuss the main research trends/findings, methodological approaches and recommend directions for future research.

(From the journal abstract)


Hinds, J., & Joinson, A. N. (2018). What demographic attributes do our digital footprints reveal? A systematic review. PLOS ONE, 13(11), e0207112.

Authors: Joanne Hinds, Adam Joinson
https://doi.org/10.1371/journal.pone.0207112
An evidence synthesis of strategies, enablers and barriers for keeping secrets online regarding the procurement and supply of illicit drugs

This systematic review attempts to understand how people keep secrets online, and in particular how people use the internet when engaging in covert behaviours and activities regarding the procurement and supply of illicit drugs.

With the Internet and social media being part of everyday life for most people in western and non-western countries, there are ever-growing opportunities for individuals to engage in covert behaviours and activities online that may be considered illegal or unethical.

A search strategy using Medical Subject Headings terms and relevant key words was developed. A comprehensive literature search of published and unpublished studies in electronic databases was conducted.

Additional studies were identified from reference lists of previous studies and (systematic) reviews that had similar objectives as this search, and were included if they fulfilled our inclusion criteria. Two researchers independently screened abstracts and full-texts for study eligibility and evaluated the quality of included studies. Disagreements were resolved by a consensus procedure. The systematic review includes 33 qualitative studies and one cross-sectional study, published between 2006 and 2018.

Five covert behaviours were identified: the use of communication channels; anonymity; visibility reduction; limited posts in public; following forum rules and recommendations. The same technologies that provide individuals with easy access to information, such as social networking sites and forums, digital devices, digital tools and services, also increase the prevalence of inaccurate information, loss of privacy, identity theft and disinhibited communication.

This review takes a rigorous interdisciplinary approach to synthesising knowledge on the strategies adopted by people in keeping secrets online. Whilst the focus is on the procurement and supply of illicit drugs, this knowledge is transferrable to a range of contexts where people keep secrets online. It has particular significance for those who design online/social media applications, and for law enforcement and security agencies.

(From the journal abstract)


Aikaterini Grimani, Anna Gavine and Wendy Moncur, 2020. An evidence synthesis of strategies, enablers and barriers for keeping secrets online regarding the procurement and supply of illicit drugs. International Journal of Drug Policy.  https://doi.org/10.1016/j.drugpo.2019.102621

Authors: Aikaterini Grimani, Wendy Moncur, Anna Gavine
Countering Violent Extremism Online: The Experiences of Informal Counter Messaging Actors

The online space is a haven for extremists of all kinds. Although efforts to remove violent and extremist content are increasing, there is a widely accepted need to also contest extremist messages with counter messages designed to undermine and disrupt extremist narratives.

While the majority of academic focus has been on large and well‐funded efforts linked to governments, this article considers the experiences of informal actors who are active in contesting extremist messaging but who lack the support of large institutions.

Informal actors come without some of the baggage that accompanies formal counter message campaigns, which have been attacked as lacking in credibility and constituting “just more government propaganda.” This has been noted by some of the wider countering violent extremism industry and the appetite for incorporating “real‐world” content in their campaigns seems to be rising.

This article fills a gap in our knowledge of the experiences of informal counter messaging actors. Through a series of in‐depth qualitative interviews it demonstrates that, despite the potentially serious risks of incorporating greater levels of informal content, there is an appetite among informal actors to engage with formal campaigns where they can be selective over who they work with and maintain a degree of control.

(From the journal abstract)


Benjamin Lee, 2019. Countering Violent Extremism Online: The Experiences of Informal Counter Messaging Actors. Policy & Internet. https://doi.org/10.1002/poi3.210

Author: Ben Lee
Exploring Susceptibility to Phishing in the Workplace

Phishing emails provide a means to infiltrate the technical systems of organisations by encouraging employees to click on malicious links or attachments. Despite the use of awareness campaigns and phishing simulations, employees remain vulnerable to phishing emails. The present research uses a mixed methods approach to explore employee susceptibility to targeted phishing emails, known as spear phishing. In study one, nine spear phishing simulation emails sent to 62,000 employees over a six-week period were rated according to the presence of authority and urgency influence techniques. Results demonstrated that the presence of authority cues increased the likelihood that a user would click a suspicious link contained in an email. In study two, six focus groups were conducted in a second organisation to explore whether additional factors within the work environment impact employee susceptibility to spear phishing. We discuss these factors in relation to current theoretical approaches and provide implications for user communities.

Highlights

  • Susceptibility to phishing emails is explored in an ecologically valid setting.
  • Authority and urgency techniques are found to impact employee susceptibility.
  • Context-specific factors are also likely to impact employee susceptibility.
  • A range of targeted initiatives are required to address susceptibility factors.

(From the journal abstract)


Emma Williams, Joanne Hinds, and Adam N. Joinson. 2018. ‘Exploring Susceptibility to Phishing in the Workplace’. International Journal of Human-Computer Studies, 120 (December): 1–13. https://doi.org/10.1016/j.ijhcs.2018.06.004.

Digital Hoarding Behaviours: Measurement and Evaluation

The social and psychological characteristics of individuals who hoard physical items are quite well understood, however very little is known about the psychological characteristics of those who hoard digital items and the kinds of material they hoard. In this study, we designed a new questionnaire (Digital Behaviours Questionnaire: DBQ) comprising 2 sections: the Digital Hoarding Questionnaire (DHQ) assessing two key components of physical hoarding (accumulation and difficulty discarding); and the second measuring the extent of digital hoarding in the workplace (Digital Behaviours in the Workplace Questionnaire: DBWQ).

In an initial study comprising 424 adults we established the psychometric properties of the questionnaires. In a second study, we presented revised versions of the questionnaires to a new sample of 203 adults, and confirmed their validity and reliability. Both samples revealed that digital hoarding was common (with emails being the most commonly hoarded items) and that hoarding behaviours at work could be predicted by the 10 item DHQ. Digital hoarding was significantly higher in employees who identified as having ‘data protection responsibilities’, suggesting that the problem may be influenced by working practices. In sum, we have validated a new psychometric measure to assess digital hoarding, documented some of its psychological characteristics, and shown that it can predict digital hoarding in the workplace.

(From the journal abstract)


Nick Neave, Pam Briggs, Kerry McKellar, and Elizabeth Sillence. 2019. ‘Digital Hoarding Behaviours: Measurement and Evaluation’. Computers in Human Behavior, 96 (July): 72–77. https://doi.org/10.1016/j.chb.2019.01.037.

Individual Differences in Susceptibility to Online Influence: A Theoretical Review

Scams and other malicious attempts to influence people are continuing to proliferate across the globe, aided by the availability of technology that makes it increasingly easy to create communications that appear to come from legitimate sources. The rise in integrated technologies and the connected nature of social communications means that online scams represent a growing issue across society, with scammers successfully persuading people to click on malicious links, make fraudulent payments, or download malicious attachments.

However, current understanding of what makes people particularly susceptible to scams in online contexts, and therefore how we can effectively reduce potential vulnerabilities, is relatively poor. So why are online scams so effective? And what makes people particularly susceptible to them? This paper presents a theoretical review of literature relating to individual differences and contextual factors that may impact susceptibility to such forms of malicious influence in online contexts.

A holistic approach is then proposed that provides a theoretical foundation for research in this area, focusing on the interaction between the individual, their current context, and the influence message itself, when considering likely response behaviour.

(From the journal abstract)


Williams, Emma J., Amy Beardmore, and Adam N. Joinson. 2017. ‘Individual Differences in Susceptibility to Online Influence: A Theoretical Review’. Computers in Human Behavior 72 (July): 412–21. https://doi.org/10.1016/j.chb.2017.03.002.

Press Accept to Update Now: Individual Differences in Susceptibility to Malevolent Interruptions

Increasingly, connected communication technologies have resulted in people being exposed to fraudulent communications by scammers and hackers attempting to gain access to computer systems for malicious purposes. Common influence techniques, such as mimicking authority figures or instilling a sense of urgency, are used to persuade people to respond to malevolent messages by, for example, accepting urgent updates. An ‘accept’ response to a malevolent influence message can result in severe negative consequences for the user and for others, including the organisations they work for.

This paper undertakes exploratory research to examine individual differences in susceptibility to fraudulent computer messages when they masquerade as interruptions during a demanding memory recall primary task compared to when they are presented in a post-task phase. A mixed-methods approach was adopted to examine when and why people choose to accept or decline three types of interrupting computer update message (genuine, mimicked, and low authority) and the relative impact of such interruptions on performance of a serial recall memory primary task.

Results suggest that fraudulent communications are more likely to be accepted by users when they interrupt a demanding memory-based primary task, that this relationship is impacted by the content of the fraudulent message, and that influence techniques used in fraudulent communications can over-ride authenticity cues when individuals decide to accept an update message. Implications for theories, such as the recently proposed Suspicion, Cognition and Automaticity Model and the Integrated Information Processing Model of Phishing Susceptibility, are discussed.

(From the journal abstract)


Williams, Emma J., Phillip L. Morgan, and Adam N. Joinson. 2017. ‘Press Accept to Update Now: Individual Differences in Susceptibility to Malevolent Interruptions’. Decision Support Systems 96 (April): 119–29. https://doi.org/10.1016/j.dss.2017.02.014.

Employees: The Front Line in Cyber Security

What happens if you lose trust in the systems on which you rely? If the displays and dashboards tell you everything is operating normally but, with your own eyes, you can see that this is not the case? This is what apparently happened with the Stuxnet virus attack on the Iranian nuclear programme in 2010.

Dr Debi Ashenden, CREST lead on protective security and risk assessment, writes that with cyber attacks set to rise, it’s important that we empower employees to defend our front line.

(From the journal abstract)


Ashenden, Debi. 2017. ‘Employees: The Front Line in Cyber Security’. The Chemical Engineer, February 2017, 908 edition. https://crestresearch.ac.uk/comment/employees-front-line-cyber-security/.

Radicalization, the Internet and Cybersecurity: Opportunities and Challenges for HCI

The idea that the internet may enable an individual to become radicalized has been of increasing concern over the last two decades. Indeed, the internet provides individuals with an opportunity to access vast amounts of information and to connect to new people and new groups.

Together, these prospects may create a compelling argument that radicalization via the internet is plausible. So, is this really the case? Can viewing ‘radicalizing’ material and interacting with others online actually cause someone to subsequently commit violent and/or extremist acts? In this article, we discuss the potential role of the internet in radicalization and relate to how cybersecurity and certain HCI ‘affordances’ may support it.

We focus on how the design of systems provides opportunities for extremist messages to spread and gain credence, and how an application of HCI and user-centered understanding of online behavior and cybersecurity might be used to counter extremist messages.

By drawing upon existing research that may be used to further understand and address internet radicalization, we discuss some future research directions and associated challenges.

(From the journal abstract)


Hinds, Joanne, and Adam Joinson. 2017. 'Radicalization, the Internet and Cybersecurity: Opportunities and Challenges for HCI'. In Human Aspects of Information Security, Privacy and Trust, 481–93. Lecture Notes in Computer Science. Springer, Cham. https://researchportal.bath.ac.uk/en/publications/radicalization-the-internet-and-cybersecurity-opportunities-and-c
