The Security and Privacy Experiences (SPEX) research group focuses on people as risk navigators within a web of social relationships, systems, and computation-in-the-loop.

To improve understanding of people's lived experiences and empower users to keep themselves and their loved ones safe, we draw on methods from human-computer interaction, design, software engineering, data science + applied statistics, and social psychology.

Find us on the 3rd floor of Woodward Hall in the Department of Software and Information Systems, College of Computing and Informatics, University of North Carolina at Charlotte. We also are on Facebook, Mastodon and Twitter.

Research Areas + Current Projects

Empirical Research

  • Improving usability of professional security tools [Workshop preprint]
  • Who falls for SMS text message scams ("SMiShing") and why [Survey preprint] [Interview paper]
  • Phishing and ransomware attacks on distributed energy resources [Poster]
  • Security + privacy concerns for vulnerable users of social media [Workshop preprint]
  • Categorizing "dangerous" vs. hateful memes at scale
  • U.S. and N.C. public opinion about AI and AI regulation [May 2024 survey]

Human-Centered Systems Solutions

  • Human factors of safe, secure, and trustworthy large language models (LLMs)
  • Cybersecurity Buddy program and human-in-the-loop AI app [Poster]
  • Security/Privacy "Fitness" Tracker
  • Privacy Harms Research Infrastructure planning

Adoption Strategies

Conference and Journal Papers

  • Jacob Hopkins, Carlos Rubio Medrano, and Cori Faklaris. 2025. The Price Should Be Right: Exploring User Perspectives on Data Sharing Negotiations. To appear in Proceedings of the Fifteenth Usable Security and Privacy Symposium (USEC 2025), Feb. 24, 2025, in San Diego, CA, USA. Internet Society, Reston, VA, and Geneva, Switzerland. Preprint to come.
  • Sarah Tabassum, Cori Faklaris, and Heather Richter Lipford. 2024. What Drives SMiShing Susceptibility? A U.S. Interview Study of How and Why Mobile Phone Users Judge Text Messages to be Real or Fake. In Proceedings of the Twentieth Symposium on Usable Privacy and Security (SOUPS 2024). USENIX Association, Berkeley, CA, USA. Preprint: https://spexlab.org/files/soups2024_smishing.pdf
  • Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2024. A Framework for Reasoning about Social Influences on Security and Privacy Adoption. In Extended Abstracts of the ACM Conference on Human Factors in Computing Systems (CHI EA 2024), May 11-16, 2024, Honolulu, HI, USA. ACM, New York, NY, USA, 13 pages. Available at: https://corifaklaris.com/files/framework_chi2024.pdf
  • Sauvik Das, Cori Faklaris, Jason I. Hong, and Laura A. Dabbish. 2022. The Security & Privacy Acceptance Framework (SPAF). Foundations and TrendsĀ® in Privacy and Security (December 2022): Vol. 5: No. 1-2, pp 1-143. http://dx.doi.org/10.1561/3300000026. Available at: https://corifaklaris.com/files/spaf_preprint.pdf
  • Serena Wang, Cori Faklaris, Junchao Lin, Jason I. Hong, and Laura Dabbish. 2022. "It's Problematic but I'm not Concerned": University Perspectives on Account Sharing. In Proc. ACM Hum.-Comput. Interact. 6, CSCW1, Article 68 (April 2022), 27 pages. ACM, New York, NY, USA. Available at: https://corifaklaris.com/files/campus_sharing.pdf
  • Yunpeng Song, Cori Faklaris, Zhongmin Cai, Jason I. Hong, and Laura Dabbish. 2019. Normal and Easy: Account Sharing Practices in the Workplace. In Proceedings of the ACM: Human-Computer Interaction, Vol. 3, Issue CSCW, November 2019. ACM, New York, NY, USA. Available at: https://socialcybersecurity.org/files/CSCW2019_NormalAndEasy.pdf
  • Cori Faklaris, Laura Dabbish and Jason I. Hong. 2019. A Self-Report Measure of End-User Security Attitudes (SA-6). In Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/soups2019-faklaris.pdf
  • Cheul Young Park, Cori Faklaris, Siyan Zhao, Alex Sciuto, Laura Dabbish and Jason I. Hong. 2018. Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships. In Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/conference/soups2018/soups2018-park.pdf

Workshop Papers and Technical Reports

  • Prakruthi Reddy and Cori Faklaris. 2024. Usability for Digital Forensics Professionals (Work in Progress). Workshop paper in the Proceedings of the 10th Workshop on Security Information Workers (WSIW 2024), Aug. 11, 2024,in Philadelphia, PA, USA. USENIX Association, Berkeley, CA, USA. Available at: https://spexlab.org/files/WSIW2024_dfir.pdf
  • Sarah Tabassum and Cori Faklaris. 2024. Understanding Privacy and Security Challenges of First-Generation Educational Migrants in the USA: A Proposal for Research. Workshop paper in the Proceedings of the 9th Workshop on Inclusive Privacy and Security (WIPS 2024), Aug. 9, 2024, remote. USENIX Association, Berkeley, CA, USA. Available at: https://spexlab.org/files/wips2024_students.pdf
  • Cori Faklaris, Heather Richter Lipford, and Sarah Tabassum. 2023. Preliminary Results from a U.S. Demographic Analysis of SMiSh Susceptibility. arXiv [cs.HC] preprint and white paper, 29 pages. University of North Carolina at Charlotte. Available at: https://arxiv.org/abs/2309.06322
  • Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2022. Do They Accept or Resist Cybersecurity Measures? Development and Validation of the 13-Item Security Attitude Inventory (SA-13). arxiv [cs.CR] preprint and white paper, 55 pages. Carnegie Mellon University. Available at: https://socialcybersecurity.org/files/SA13paper.pdf
  • Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2022. Experimental Evidence for Using a TTM Stages of Change Model in Boosting Progress Toward 2FA Adoption. arxiv [cs.HC] preprint and white paper, 41 pages. Carnegie Mellon University. Available at: https://arxiv.org/abs/2205.06937
  • Cori Faklaris. 2018. Social Cybersecurity and the Help Desk: New Ideas for IT Professionals to Foster Secure Workgroup Behaviors. Workshop paper in the Proceedings of the 4th Workshop on Security Information Workers (WSIW 2018), Aug. 12, 2018,in Baltimore, MD, USA. USENIX Association, Berkeley, CA, USA. DOI: https://doi. org/10.13140/RG.2.2.35580.23686

Research Posters

  • Matthew De La Rosa, Islam Obaidat, Cori Faklaris, and Meera Sridhar. 2023. Phishing and Ransomware Attacks in DERs. Poster and abstract for the "Smart and Secure Future Computing" Research Experiences for Undergraduates program, July 28, 2023, in Charlotte, NC, USA. Available at: https://spexlab.org/files/reuDer_poster.pdf
  • Akash Rajeev Bhatia and Cori Faklaris. 2023. Exploring the Impact of a Cybersecurity Buddy for Improving Attack Vulnerability. Poster and abstract for the UNC Charlotte Graduate Research Symposium, March 24, 2023, in Charlotte, NC, USA. (Second-place award, CCI.) Available at: https://spexlab.org/files/cybersecBuddy_poster.pdf
  • Cori Faklaris, Laura Dabbish and Jason Hong. 2018. Adapting the Transtheoretical Model for the Design of Security Interventions. Poster and abstract for the Fourteenth Symposium on Usable Privacy and Security Adjunct (SOUPS 2018), Aug. 12-14, 2018,in Baltimore, MD, USA. USENIX Association, Berkeley, CA, USA. DOI: https://doi.org/10.13140/RG.2.2.15447.57760