“My religious aunt asked why I was trying to sell her viagra”: Experiences with account hijacking
Venue
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: CHI '14, ACM, New York, NY, USA (2014), pp. 2657-2666
Publication Year
2014
Authors
Richard Shay, Iulia Ion, Robert W. Reeder, Sunny Consolvo
Abstract
With so much of our lives digital, online, and not entirely under our control, we
risk losing access to our communications, reputation, and data. Recent years have
brought a rash of high-profile account compromises, but account hijacking is not
limited to high-profile accounts. In this paper, we report results of a survey
about people’s experiences with and attitudes toward account hijacking. The problem
is widespread; 30% of our 294 participants had an email or social networking
account accessed by an unauthorized party. Five themes emerged from our results:
(1) compromised accounts are often valuable to victims, (2) attackers are mostly
unknown, but sometimes known, to victims, (3) users acknowledge some responsibility
for keeping their accounts secure, (4) users’ understanding of important security
measures is incomplete, and (5) harm from account hijacking is concrete and
emotional. We discuss implications for designing security mechanisms to improve
chances for user adoption.
