Explanations in warning dialogs to help users defend against phishing attacks

Desolda G.; Aneke J.; Ardito C.; Lanzilotti R.; Costabile M. F.
2023-01-01

Abstract

Phishing, the deceptive act of stealing personal and sensitive information by sending messages that seem to come from trusted entities, is one of the most widespread and effective cyberattacks. Automated defensive techniques against these attacks have been widely investigated. These solutions often exploit AI-based systems that, when a suspect website is detected, show a dialog that warns users about the potential risk. Despite significant advances in creating warning dialogs for phishing, this type of attack is still very effective. To overcome the limitations of existing warning dialogs and better defend users from phishing attacks, this article presents a novel technique to create warning dialogs that not only warn users about a possible attack, as in traditional solutions, but also explain why a website is suspicious, addressing in the explanation the most malicious feature of the suspect website. An experimental study that consisted of a remote survey and analyzed data from 150 participants is reported. The goal was to evaluate the proposed warning dialogs with explanations and to compare them with the dialogs presented by Chrome, Firefox, and Edge. The study revealed interesting results: most explanations were understandable and familiar to users; they also showed some potential for diverting users from visiting malicious sites. However, more attention should be devoted to aspects such as the features to be explained, as well as user interest and trust in warning dialogs. The lessons learned that might drive the design of more powerful warning dialogs are provided.
Files for this item:
There are no files associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11586/431407

Notice

Notice: the data displayed has not been validated by the university.
