“My religious aunt asked why I was trying to sell her viagra”: Experiences with account hijacking

Richard Shay
Iulia Ion
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: CHI '14, ACM, New York, NY, USA (2014), pp. 2657-2666
Google Scholar

Abstract

With so much of our lives digital, online, and not entirely under our control, we risk losing access to our communications, reputation, and data. Recent years have brought a rash of high-profile account compromises, but account hijacking is not limited to high-profile accounts. In this paper, we report results of a survey about people’s experiences with and attitudes toward account hijacking. The problem is widespread; 30% of our 294 participants had an email or social networking account accessed by an unauthorized party. Five themes emerged from our results: (1) compromised accounts are often valuable to victims, (2) attackers are mostly unknown, but sometimes known, to victims, (3) users acknowledge some responsibility for keeping their accounts secure, (4) users’ understanding of important security measures is incomplete, and (5) harm from account hijacking is concrete and emotional. We discuss implications for designing security mechanisms to improve chances for user adoption.