Holding Your Hand on the Danger Button: Observing User Phish Detection Strategies Across Mobile and Desktop.

AbstractPhishing emails continue to be a major cause of cybersecurity breaches despite the development of technical measures designed to thwart these attacks. Most phishing studies have investigated desktop email platforms, but the use of mobile devices for email exchanges has soared in recent years, especially amongst young adults. In this paper, we explore how the digital platform (desktop vs. mobile) influences users' phish detection strategies. Twenty-one young adults (18-25 years) were asked to rate the legitimacy of emails using a live inbox test while using a think-aloud protocol on both platforms. Our results suggest that a lack of knowledge about key defence information on the mobile platform results in weak phish detection. We discuss the implications of these findings and offer design recommendations to support effective phish detection by smartphone users.