Enhancing Mobile Security Through Haptic Feedback: A Multi-Participant Investigation into Mitigating Social Engineering Attacks on Android Devices (Published)
Social engineering attacks, particularly SMS phishing (SMiShing), continue to exploit human vulnerabilities and pose substantial risks to mobile users. This study investigated the effectiveness of a haptic feedback system integrated within an Android application designed to detect and mitigate social engineering threats on mobile devices. Building on original experimentation, this study evaluates the system’s usability and impact by incorporating qualitative and quantitative data from twelve participants of varied demographics, selected for their relevance to social engineering susceptibility. Through interviews and controlled usage, the app demonstrated a detection accuracy of 91.89%, a 3.00% false positive rate, and an average response time of five seconds. Participants reported increased awareness, improved reaction times, and greater confidence in handling suspicious messages. This paper contributes to the human-centred cybersecurity domain by validating the integration of tactile feedback as a viable intervention against deception-based attacks. The study supports the hypothesis that haptic interaction fosters user attentiveness and proactive threat response, offering practical insights for future mobile security innovations.
Keywords: Android Application, Phishing, SMS threat detection, haptic feedback, mobile security, social engineering, usability study
Runtime Detection of Phising Attack Using Syntactic Verification through Web Services (Published)
Providing a secure service in web applications is a growing concern and real challenge in web security. Among the various types of web application attacks, phishing is the most common type of attack. It often direct the users to enter details at a fake website whose look and feel are almost identical to the legitimate site. Present tools are cannot completely detect the phishing attacks, that leverage vulnerabilities in trusted web applications. This paper attributes to identify phishing web sites by analyzing and validating the Uniform Resource Locator (URL), Hyperlink in web pages and syntactic verification of Hyperlink. As URLs are following the common standard RFC 1738, we have developed a schema for converting the URL into XML for verifying the URL. The detection of Phishing web sites implemented by means of two layered web services. Our web services are an independent layered module in a web application and detect and prevent the phishing attacks.
Keywords: Hyperlink, IP Address, Input Validation, Phishing, Scammer, URL, Web Service, XML Schema.