PRODUCT: Website ROLE: UX DESIGNER YEAR: 2017/2018
What is phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details by posing as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing, because both use bait in an attempt to catch a victim. According to the Microsoft Computing Safety Index, the annual worldwide impact of phishing could be as high as US$5 billion.
Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website whose look and feel are identical to the legitimate one, the only difference being the URL of the website concerned. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.
Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
Businesses need to adopt anti-phishing strategies to safeguard confidential information from competitors. One strategy for combating phishing is to train people to recognise phishing attempts, and to deal with them. Education can be effective, especially where training emphasises conceptual knowledge and provides direct feedback.
What is O’Phish?
O’phish is a platform that can be used to train employees of a company against phishing. O’phish is a Phishing Simulator and it delivers a complete solution to assess, train, and test employee vigilance across a company.
The main objective of this project is to create UX design deliverables to guide the team to improve the current user experience available on http://client.ophish.com/. The O’phish interface must be intuitive and user friendly. The business goal is to attract and retain O’phish customers.
Project management and client relationship
We have a team of three people: a product owner, a developer and me. We work remotely. We have an open channel of communication and cooperative work. I suggest the plan and schedule; we define the work process, prioritisation and milestones.
The opportunity
Discover what the user needs in order to plan and conduct successful training strategies against phishing.
1. DISCOVERY
During this stage I conduct the research. I look at the competitive landscape and interview potential users.
Who are we designing for
As part of the user research I define three personas who will be the primary users of O’phish:
1.1 Understanding the users
Methods: user interviews
During the research I conduct interviews and user tests to gain insight into what people experience when using the O’phish website:
A) The user doesn’t know about the opportunities offered by O’phish.
B) The users have problems signing in and creating a campaign, and they don’t know what the outcome is.
C) The users think phishing their employees for training purposes is useful. They have to trust O’phish not to use their personal information in an inappropriate way.
“It would be great to find out who are the weak links in the company and offer them special training”.
1.2 What is currently out there
Methods: competitive analysis
We have conducted extensive competitive research among direct competitors. Here’s a short summary that highlights a selection of competitors and the key findings that are relevant to our project.
Looking at the competitors’ websites, their landing pages are clear. They clearly explain the methods they use to tackle phishing. They offer demos, have testimonials and present the number of satisfied users.
1.3 Identify the best way to make O’phish user friendly
Methods: user flow
Current user flow to achieve the main objective on the website: create a campaign.
2. DEFINITION
2.1 What are the current pain points?
Determine how people approach O’phish and what the current pain points are.
The pain points are related to filling in forms. Users don’t like forms because they take time. Users don’t like:
· forms that ask questions you don’t know how to answer
· forms with multiple-choice questions that don’t have the choice you want
· forms that ask for too much information, or information you’d rather not give
· forms with huge quantities of information or confusing instructions
Establish trust: We must declare the purpose of the form: why users should fill it in, what benefits they will get by doing so and, most importantly, how the provided information will be used by O’phish.
Reward the user: Everybody likes to be rewarded after completing a process. Sometimes a smaller yet immediate reward can be more motivating than a bigger one in the future. This can be done with simple feedback messages telling the user that they have done a good job. We have to choose a reward that covers the effort of filling out the form.
3. DESIGN
Test initial ideas, create paper prototypes and digital wireframes
3.1 Idea generation
Methods: design studio
I brainstorm ideas around such topics as how the user can approach a phishing simulator, understand the results and analyse data. I test the current website with users and identify usability problems.
3.2 Testing initial ideas
Methods: rapid paper prototype, user testing
Based on the ideas generated during the brainstorm, I create rapid paper prototypes and test them with users. I go through several rounds of iterations to ensure that users can complete the tasks and understand the functionality behind the features.
3.3 Iterative evolution
Methods: paper prototypes, digital wireframes, user testing, clickable prototype in InVision.