Reading this may harm your computer: The psychology of malware warnings

• Effectiveness of browser malware warnings was tested.
• We confirmed the existence of status quo bias in browser usage.
• Psychology of persuasion findings were used to increase warnings effectiveness.
• We confirmed that individuals tend to ignore browser warnings.
• Many individuals rely on advice from friends when it comes to security.

Internet users face large numbers of security warnings, which they mostly ignore. To improve risk communication, warnings must be fewer but better. We report an experiment on whether compliance can be increased by using some of the social-psychological techniques the scammers themselves use, namely appeal to authority, social compliance, concrete threats and vague threats. We also investigated whether users turned off browser malware warnings (or would have, had they known how).