In a cognitive analysis of university students' responses to cyber-attacks performed by Saldaña Salguero et al. (2024), RealEye was used to track eye movements and understand decision-making processes in real-time. The study aimed to identify how different cognitive biases influenced students' vulnerability to cyber threats, such as phishing, password leaks, and unsafe open Wi-Fi networks. RealEye’s eye-tracking technology provided researchers with rich visual data that exposed how attention was distributed across elements of the screen, revealing how users interact with potentially malicious content.
One of the primary scenarios in which RealEye was used was a phishing email simulation. In this test, participants were presented with a seemingly normal email containing a malicious link. RealEye recorded the Average Time to First Fixation (Avg. TTFF) on crucial elements such as the sender’s email address, the subject line, and the link embedded in the body of the email. The data revealed that while participants initially focused on the sender's name—a potential indicator of phishing—many failed to scrutinize the body of the email. This behavior suggests that students were susceptible to cognitive biases, where they trusted the appearance of official communication without proper verification.
Heatmaps generated from the eye-tracking data vividly illustrated these tendencies. The email subject and the sender's name received the most concentrated attention, while the malicious link went largely unnoticed by a significant portion of the group. This failure to engage with the entire content of the message highlights a critical security gap—users are often too focused on peripheral elements, ignoring key indicators of risk.
Another component of the study usied RealEye to track participant behavior in response to open Wi-Fi network simulations. Students were shown a list of available Wi-Fi networks, including a legitimate university network and several suspicious, open networks. The eye-tracking data revealed that students overwhelmingly focused on the university's network, often disregarding the open, potentially harmful networks listed alongside it.
This phenomenon, explained by authority bias, showed that the participants placed undue trust in the university network due to its familiarity and perceived reliability, even though the study intentionally simulated insecure environments. RealEye data, including fixation counts and gaze duration, indicated that very little attention was paid to security-related elements, such as encryption types or network safety warnings.
In the password leak scenario, RealEye captured how students interacted with a page simulating a data breach. Participants were shown a warning message that their password may have been compromised, followed by fields prompting them to change their credentials. The eye-tracking analysis revealed that participants primarily focused on input fields for the new password and submit buttons, largely ignoring surrounding information about the breach’s details or recommended security measures.
This lack of attention to essential security instructions could be attributed to anchoring and Dunning–Kruger bias, wherein participants believed they already understood the necessary steps to secure their account, thereby ignoring critical details. The heatmaps from RealEye confirmed that participants’ focus was overwhelmingly directed toward action-oriented elements, such as buttons and text fields, rather than privacy warnings or further recommendations.
RealEye was also applied during a bait attack test. In this scenario, participants were presented with an offer to download a seemingly attractive resource, such as a free book or software, which was embedded with harmful malware. The bait test was designed to exploit Authority, Herd, and Urgency biases.
RealEye's tracking data revealed that a large number of students focused heavily on the “Download” button without fully examining the surrounding text that included suspicious indicators, such as unrealistic promises or unverified sources. Heatmaps demonstrated that attention was centered on the call-to-action areas, highlighting how curiosity can override caution. This failure to consider potential security risks aligns with the optimism bias, where users believe they are less likely to be victims of such attacks.
Through the application of RealEye’s eye-tracking technology, this study uncovered critical insights into how cognitive biases affect user behavior during cybersecurity threats. The detailed data on attention distribution across the user interface helped researchers understand where users are most and least likely to focus during moments of decision-making, offering a clearer picture of the psychological factors that make students vulnerable to cyber-attacks.
The findings emphasize the need for improved user education on cybersecurity practices. RealEye's data was fundamental in exposing these vulnerabilities, providing a roadmap for designing more effective security awareness programs and user interfaces that can help mitigate the influence of cognitive biases in cybersecurity scenarios.
Follow the steps below to start your own experiment with RealEye:
Account Creation and License Activation
Ready to set up your own study? Visit RealEye Support page to learn more and keep us posted on your results! 🚀
.png)
