Students create app to help visually impaired identify email phishing attacks

Daniel Tkacik

Jan 19, 2017

Thanks to screen readers, 285 million visually impaired people worldwide are able to browse the Internet by responding to audio readings of image descriptions and text on websites. But how can these unique users avoid phishing attacks, malicious links disguised as innocuous ones? As one group of CyLab students will tell you: there’s an app for that, and they’re creating it.

“Phishing is a significant issue for both sighted people and visually impaired people, and thwarting phishing attacks is so heavily reliant upon a user’s ability to identify the attack,” says Amanda Holt, a Master’s student in the Human-Computer Interaction Institute in Carnegie Mellon’s School of Computer Science. “Usability is crucial, and those who are visually impaired are at a greater disadvantage because they cannot utilize visual cues the way a sighted individual could to identify phishing.”

Usability is crucial, and those who are visually impaired are at a greater disadvantage because they cannot utilize visual cues the way a sighted individual could to identify phishing.

Amanda Holt, Master's student, Human-Computer Interaction Institute, Carnegie Mellon University

The app, which is in the early stages of design and has not yet been released, scans emails and verbally prompts users if an email contains one or more external links. Behind the scenes, the app tests the link, and if it leads to a website that has been placed on a phishing blacklist, users hear: “The following website has been reported as a phishing website.” Otherwise, the app informs users that the website is probably safe to visit.

The app is currently undergoing user-testing.

“This tool needs to be usable if it is to be accepted and used,” says Holt. “Thus, several stages of user-testing and iteration are extremely important.”

Holt’s team also consisted of Business Administration junior Thomas Koike and Software Engineering Ph.D. student Roykrong Sukkerd. The team executed much of the work on the app in Computer Science professor Norman Sadeh’s Information Security & Privacy course in the Fall semester of 2016.