Validation Agents and Persuasive Designs for Phishing Detection and Update Compliance on Smartphones

Jema David Ndibwile


Billions of smartphones and their users are vulnerable to cyber-attacks such as phishing, man-in-the-middle, and malware. Notable reasons for these vulnerabilities include a lack of cybersecurity knowledge, a lack of effective cybersecurity legislation, sociocultural and socio-economic factors, and, mainly, outdated (obsolete) software such as the Operating System (OS). The desire to update devices might vary significantly among users of different demographics and in different geographic locations. However, in some attacks, such as phishing, users may fall victim not only because of a lack of knowledge and awareness, but also because they are not attentive enough to security indicators and visual abnormalities on the webpages they visit. This is also probably why smart device users, who have more limited screen size and device capabilities than desktop users, are three times more likely to fall victim to phishing attacks.

This dissertation aims to assert the aforementioned claims by first investigating OS update behaviours and general phishing and cybersecurity awareness among different groups of smartphone users. It then uses smart eyeglasses (electro-oculographic) to experimentally measure the mental effort and vigilance exhibited by users while surfing a website and while playing an Android phishing game that was developed. Based on the findings, the assertion is that users are likely to continue falling victim to phishing and other attacks due to insecure behaviours unless persuasive designs for update compliance and tools that lessen the burden of phishing identification are provided. We thus recommend implementing a lightweight algorithm in a custom Android browser for detecting phishing sites deceptively without user interaction. We then propose and evaluate the acceptability of various persuasive designs for device update compliance.