Kami Vaniea

Kami Vaniea

Associate Professor, University of Waterloo

presentation

Fighting Phishing Together

The Power of AI-Human Collaboration

IMPACT2025 logo white

Presentation overview

Phishing messages aimed at stealing facts, resources, and money from people have long plagued our inboxes, leading to time spent on security education and screen space lost to “don’t click on links” warnings. People talk about how obvious such messages are, while at the same time filters can’t seem to catch even seemingly blatant extortion schemes demanding bitcoin. While many scams can seem obvious or simply annoying, the wrong scam at the wrong time can seem amazingly realistic and be very expensive for consumers and businesses alike.

Addressing phishing means accepting that the effectiveness of phishing is really an authentication issue. Identifying if the true source of an email is the same as the claimed source is challenging for both humans and computers, though for different reasons. Phishing is also a particularly AI-hostile environment where the attacker is actively trying to present the communication one way to the computer/AI and a different way to the human recipient.

But there is good news: humans, unlike computers, are not deterministic. So while a phishing email might be designed to fool a computer system 100% of the time, it will perform very differently on people with some of them engaging and others identifying its phishing nature. Solving phishing requires an acceptance of the differing skills of computers and humans and finding ways for them to work together in partnership. Not just with humans error-checking computer output, but true partnership where each contributes to a combined safer outcome.

Biography

Kami Vaniea is an esteemed Associate Professor in Usable Security and Privacy at the University of Waterloo’s Department of Electrical and Computer Engineering. With a keen interest in the human factors of security and privacy, her research spans a wide range of topics including phishing scam protection, software update challenges, developer-centered security, and social media privacy.

Through her extensive research and academic endeavors, Kami has made significant contributions to the field of usable security and privacy, continuously exploring the challenges and solutions that arise in the dynamic landscape of cybersecurity.