Expert and Non-Expert Viewing Patterns When Seeking Secuity Cues

Previous research studies have shown that people with technical knowledge are more likely to identify malicious websites. With my project, I will be running eyetracking experiments on experts and novices as they perform a series of tasks on the web to determine exactly where people are looking. We want to find the differences between the viewing behaviors of these two groups of people. Where do non-experts usually look? What exactly do experts look at to help them determine whether a website is malicious? Are they looking at the web browser's security cues or using implicit knowledge, noticing things like misspellings or the lack of ads? Our goal is not to determine whether people are able to identify malicious websites. Rather, we are interested to observe where people look.

We are also interested in observing the differences between self-reported evlautions of participants' use of security cues and actual recorded observations. To do this, we will be asking our participants to fill out a survey after completing the eyetracking tasks.

The findings from this study will inform us about what we could do to improve the design of security cues so that they will be more useful and usable to all users.