Phishing Attack Email and Web Prevention Tool: A Proposal; The Lack of Accessibility for Visually Impaired People to Prevent Phishing Attacks
Sameth, Alan, School of Engineering and Applied Science, University of Virginia
Davis, William, University of Virginia
Morrison, Briana, EN-Comp Science Dept, University of Virginia
Fitzgerald, Gerard, EN-Engineering and Society, University of Virginia
Dealing with horrible software design is a draining and miserable experience. One of the worst experiences I had in recent memory was trying to get tickets for a basketball game for the first time using UVA SHOTS, where there was no proper indication or communication to me where the button to start purchasing tickets was on the website. This led me to consider how visually impaired people interact with software features and how they differentiate legitimate emails and websites from phishing attacks. How does an industry focused on capturing attention through visual cues and aesthetics protect those at a significant disadvantage? I delved into this issue with my STS and technical project from the perspective of human-computer interaction and accessibility to see how well visually impaired people protect themselves from phishing attacks. To explore this further, my STS project investigates how visually impaired individuals identify and respond to phishing attempts, drawing from accessibility research, user experience design, and interviews with affected users when using screen readers, websites, and phishing browser extensions. The technical research, as a natural extension of the STS research, proposed the design of a phishing detection browser extension that incorporates accessible features for visually impaired users.
The technical project addresses key shortcomings in current anti-phishing software by proposing an accessible browser extension tailored for the visually impaired. The detection algorithm uses a simple whitelist and blacklist to identify trustworthy and malicious sites. Accessibility is a core feature of the design, with audio feedback that includes distinct alert tones and text-to-speech explanations. The tool can also phonetically read URLs to help users detect subtle link discrepancies. Integrated keyboard shortcuts allow users to quickly respond to warnings or access guidance without relying on a mouse. Additionally, the browser extension includes a built-in, accessible guidelines section that educates users on phishing threats, alongside compatibility with screen readers.
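The whitelist and blacklist check and the phonetic URL reading described above, as an added example that is not code from the thesis. The function names, the spoken wording, the punycode flag and the sample domain lists are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names and constructed lists, not the thesis's code.
const NATO = ("alfa bravo charlie delta echo foxtrot golf hotel india juliett kilo lima mike " +
  "november oscar papa quebec romeo sierra tango uniform victor whiskey xray yankee zulu").split(" ");
const DIGITS = "zero one two three four five six seven eight nine".split(" ");

// Spell one hostname character so look-alikes ("l" vs "1", "o" vs "0") sound different.
function spellChar(ch) {
  if (ch >= "a" && ch <= "z") return NATO[ch.charCodeAt(0) - 97];
  if (ch >= "0" && ch <= "9") return "digit " + DIGITS[ch.charCodeAt(0) - 48];
  if (ch === ".") return "dot";
  if (ch === "-") return "hyphen";
  return "unusual character";
}

function spellHost(host) {
  return [...host.toLowerCase()].map(spellChar).join(", ");
}

// Match on whole labels only: "bank.example.evil.test" must not match "bank.example".
function inList(host, list) {
  return list.some((d) => host === d || host.endsWith("." + d));
}

// Returns a verdict plus the sentence an extension could hand to text-to-speech.
function classify(rawUrl, trusted, blocked) {
  let host;
  try {
    host = new URL(rawUrl).hostname.toLowerCase();
  } catch {
    return { verdict: "invalid", host: null, punycode: false, speech: "This link is not a valid web address." };
  }
  // Blacklist wins if a host appears on both lists.
  const verdict = inList(host, blocked) ? "malicious" : inList(host, trusted) ? "trusted" : "unknown";
  // IDN hosts are normalized to "xn--" labels; flag them since they can mimic Latin letters.
  const punycode = host.split(".").some((label) => label.startsWith("xn--"));
  const parts = [{ malicious: "Warning, known phishing site.", trusted: "Trusted site.",
    unknown: "Unknown site, check the address." }[verdict]];
  if (punycode) parts.push("The address contains encoded international characters.");
  parts.push("Address: " + spellHost(host) + ".");
  return { verdict, host, punycode, speech: parts.join(" ") };
}

// Constructed sample lists using reserved example domains.
const TRUSTED = ["bank.example"];
const BLOCKED = ["phish.example"];
console.log(classify("https://bank.example.evil.test/login", TRUSTED, BLOCKED).speech);
```

In a browser extension the returned `speech` string would be passed to the platform's text-to-speech facility and paired with a distinct alert tone per verdict.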
In my STS research, I took multiple studies alongside independent research to identify key vulnerabilities created by software features that made visually impaired people more susceptible to phishing attacks. The studies and research specifically examined current website and app design, available cybersecurity software, and screen readers to see how they interact with each other and the visually impaired user when under threat of phishing. My analysis concluded that systematic ignorance of this disenfranchised group left them much more vulnerable to phishing attacks due to inaccessible features, software malfunctions, and poor, messy web design. This points to a broader issue within the software development and tech industry, where accessibility is often discouraged in favor of rapid innovation and profit, resulting in tools that serve the majority while neglecting the needs of marginalized users. This diagnosis highlights the systematic issues that disabled individuals face that software engineers need to address when building programs.
As I delved into the research for my STS project, the problems that visually impaired people had to deal with when trying to protect their money and data were deeply troubling. It became clear that the tools meant to safeguard users often fail those who need them most. What should be basic protections, such as clear warnings, accessible interfaces, and functional assistive technology, instead act as barriers. This realization pushed me to think critically about how design choices, often made without considering marginalized users, can have real and harmful consequences. My technical project reaffirmed the need for accessibility to be a foundational part of cybersecurity, not an afterthought, and inspired me to advocate for more inclusive software that empowers. The STS perspective helped me to understand that simple design decisions carry ethical implications as well, and that engineers should strive to consider differently-abled users. Without the STS perspective, I would simply be another cog in the systematic exclusion perpetuated by the fast-paced software development industry.
BS (Bachelor of Science)
phishing, visually impaired, accessibility, cybersecurity
School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Briana Morrison
STS Advisor: William Davis, Gerard J. Fitzgerald
English
2025/05/08