IMPROVING PHISHING REPORTING IN HIGHER EDUCATION: A USER-CENTERED DESIGN APPROACH

Abstract

Phishing attacks are a persistent cybersecurity challenge, leveraging human psychology and technological gaps to exploit unsuspecting users. Higher education institutions (HEIs) face unique vulnerabilities due to their decentralized structures, diverse user populations, and dynamic environments. This literature review examines existing phishing reporting technologies in HEIs, highlighting deficiencies in usability, user engagement, and systemic support. Despite advancements in automated detection and awareness training, user interaction with reporting tools remains underexplored, limiting their effectiveness. Drawing on research and practical experience at the University of Arizona's Security Operations Center (SOC), this work identifies key barriers to phishing reporting, including inconsistent interfaces, psychological deterrents, and limited user knowledge. It emphasizes the importance of user-centered design in reporting mechanisms, proposing that intuitive, accessible tools (such as single-button reporting systems) can significantly enhance user participation and institutional defenses. The study also evaluates behavioral and demographic factors influencing phishing susceptibility and reporting, noting gaps in targeted awareness initiatives. To address these challenges, a two-phase experiment is proposed, combining surveys and focus groups to analyze user interactions with phishing reporting systems. This approach seeks to uncover actionable insights for improving reporting rates and cybersecurity outcomes. By bridging the gap between technical solutions and user behaviors, this research contributes to the development of effective phishing mitigation strategies tailored to the needs of HEIs. Its findings have broader implications, offering a framework for enhancing user engagement and institutional resilience in combating phishing across diverse sectors.