The Security and Privacy Experiences (SPEX) research group focuses on people as risk navigators within a web of social relationships, systems, and computation-in-the-loop.

To improve understanding of people's lived experiences and empower users to keep themselves and their loved ones safe, we draw on methods from human-computer interaction, design, software engineering, data science + applied statistics, and social psychology.

Find us on the 3rd floor of Woodward Hall in the Department of Software and Information Systems, College of Computing and Informatics, University of North Carolina at Charlotte. We also are on Facebook, Mastodon and Twitter.

Research Areas + Current Projects

Empirical Research

  • Improving usability of professional security tools
  • Who falls for SMS text message scams ("SMiShing") and why [Preprint]
  • Phishing and ransomware attacks on distributed energy resources [Poster]
  • Security + privacy concerns for vulnerable users of social media
  • Categorizing "dangerous" vs. hateful memes at scale

Human-Centered Systems Solutions

  • Human factors of safe, secure, and trustworthy large language models (LLMs)
  • Cybersecurity Buddy program and human-in-the-loop AI app [Poster]
  • Security/Privacy "Fitness" Tracker
  • Privacy Harms Research Infrastructure planning

Adoption Strategies

Research Papers

  • Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2024. A Framework for Reasoning about Social Influences on Security and Privacy Adoption. In Extended Abstracts of the ACM Conference on Human Factors in Computing Systems (CHI EA 2024), May 11-16, 2024, Honolulu, HI, USA. ACM, New York, NY, USA, 13 pages. Available at: https://corifaklaris.com/files/framework_chi2024.pdf
  • Cori Faklaris, Heather Richter Lipford, and Sarah Tabassum. 2023. Preliminary Results from a U.S. Demographic Analysis of SMiSh Susceptibility. arXiv [cs.HC] preprint and white paper, 29 pages. University of North Carolina at Charlotte. Available at: https://arxiv.org/abs/2309.06322
  • Sauvik Das, Cori Faklaris, Jason I. Hong, and Laura A. Dabbish. 2022. The Security & Privacy Acceptance Framework (SPAF). Foundations and TrendsĀ® in Privacy and Security (December 2022): Vol. 5: No. 1-2, pp 1-143. http://dx.doi.org/10.1561/3300000026. Available at: https://corifaklaris.com/files/spaf_preprint.pdf
  • Serena Wang, Cori Faklaris, Junchao Lin, Jason I. Hong, and Laura Dabbish. 2022. "It's Problematic but I'm not Concerned": University Perspectives on Account Sharing. In Proc. ACM Hum.-Comput. Interact. 6, CSCW1, Article 68 (April 2022), 27 pages. ACM, New York, NY, USA. Available at: https://corifaklaris.com/files/campus_sharing.pdf
  • Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2022. Do They Accept or Resist Cybersecurity Measures? Development and Validation of the 13-Item Security Attitude Inventory (SA-13). arxiv [cs.CR] preprint and white paper, 55 pages. Carnegie Mellon University. Available at: https://socialcybersecurity.org/files/SA13paper.pdf
  • Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2022. Experimental Evidence for Using a TTM Stages of Change Model in Boosting Progress Toward 2FA Adoption. arxiv [cs.HC] preprint and white paper, 41 pages. Carnegie Mellon University. Available at: https://arxiv.org/abs/2205.06937
  • Yunpeng Song, Cori Faklaris, Zhongmin Cai, Jason I. Hong, and Laura Dabbish. 2019. Normal and Easy: Account Sharing Practices in the Workplace. In Proceedings of the ACM: Human-Computer Interaction, Vol. 3, Issue CSCW, November 2019. ACM, New York, NY, USA. Available at: https://socialcybersecurity.org/files/CSCW2019_NormalAndEasy.pdf
  • Cori Faklaris, Laura Dabbish and Jason I. Hong. 2019. A Self-Report Measure of End-User Security Attitudes (SA-6). In Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/soups2019-faklaris.pdf
  • Cheul Young Park, Cori Faklaris, Siyan Zhao, Alex Sciuto, Laura Dabbish and Jason I. Hong. 2018. Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships. In Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/conference/soups2018/soups2018-park.pdf
  • Cori Faklaris. 2018. Social Cybersecurity and the Help Desk: New Ideas for IT Professionals to Foster Secure Workgroup Behaviors. Workshop paper in the Proceedings of the 4th Workshop on Security Information Workers (WSIW 2018), Aug. 12, 2018,in Baltimore, MD, USA. USENIX Association, Berkeley, CA, USA. DOI: https://doi. org/10.13140/RG.2.2.35580.23686

Research Posters

  • Matthew De La Rosa, Islam Obaidat, Cori Faklaris, and Meera Sridhar. 2023. Phishing and Ransomware Attacks in DERs. Poster and abstract for the "Smart and Secure Future Computing" Research Experiences for Undergraduates program, July 28, 2023, in Charlotte, NC, USA. Available at: https://spexlab.org/files/reuDer_poster.pdf
  • Akash Rajeev Bhatia and Cori Faklaris. 2023. Exploring the Impact of a Cybersecurity Buddy for Improving Attack Vulnerability. Poster and abstract for the UNC Charlotte Graduate Research Symposium, March 24, 2023, in Charlotte, NC, USA. (Second-place award, CCI.) Available at: https://spexlab.org/files/cybersecBuddy_poster.pdf
  • Cori Faklaris, Laura Dabbish and Jason Hong. 2018. Adapting the Transtheoretical Model for the Design of Security Interventions. Poster and abstract for the Fourteenth Symposium on Usable Privacy and Security Adjunct (SOUPS 2018), Aug. 12-14, 2018,in Baltimore, MD, USA. USENIX Association, Berkeley, CA, USA. DOI: https://doi.org/10.13140/RG.2.2.15447.57760