'SSL?! What on earth is that?': Towards Designing Age-Inclusive Secure Smartphone Browsing

📅 2024-03-04
🏛️ arXiv.org
📈 Citations: 0
Influential: 0

🤖 AI Summary
Existing trust indicators—such as the HTTPS padlock—are ineffective for both adult and older smartphone users in detecting phishing websites, with 100% of participants failing to identify phishing sites; usability scores were also significantly low. Method: Through an age-inclusive user study (contextual tasks + interviews), usability evaluation, and comparative analysis, we identified that older adults heavily rely on social cues for trust assessment. Contribution/Results: We propose the first age-inclusive, multimodal trust decision framework, integrating social verification, community feedback, and lightweight AI assistance to support personalized trust judgments. Empirical evaluation demonstrates that our framework significantly improves older adults’ accuracy in trust decisions and their subjective perception of trustworthiness, validating a user-cognition–driven paradigm for designing cybersecurity mechanisms.

📝 Abstract
Owing to the increase in 'certified' phishing websites, there is a steady increase in the number of phishing cases and general susceptibility to phishing. Trust mechanisms (e.g., HTTPS Lock Indicators, SSL Certificates) that help differentiate genuine and phishing websites should therefore be evaluated for their effectiveness in preventing vulnerable users from accessing phishing websites. In this article, we present a study involving 18 adults (male-6; female-12) and 12 older adults (male-4; female-8) to understand the usability of current trust mechanisms and preferred modalities in a conceptualized mechanism. In the first part of the study, using Chrome browser on Android, we asked the participants to browse a banking website and a government website for digital particulars. We asked them to identify which one of the two was a phishing website, rate the usability of both websites and provide qualitative feedback on the trust mechanisms. In the second part, we conceptualized an alternative trust mechanism, which allows seeking social, community and AI-based support to make website trust-related decisions. Herein, we asked the participants as to which modality (social, community or AI) they prefer to seek support from and why it is preferred. Using the current trust mechanisms, none of the participants were able to identify the phishing website. As the participants rated the current mechanisms poorly in terms of usability, they expressed various difficulties that largely did not differ between adults and older adults. In the conceptualized mechanism, we observed a notable difference in the preferred modalities, in that, older adults primarily preferred social support. In addition to these overall findings, specific observations suggest that future trust mechanisms should not only consider age-specific needs but also incorporate substantial improvement in terms of usability.
Problem

Research questions and friction points this paper is trying to address.

Evaluating effectiveness of trust mechanisms against phishing
Assessing usability of current SSL indicators for all ages
Designing age-inclusive trust mechanisms with preferred support modalities
Innovation

Methods, ideas, or system contributions that make the work stand out.

Evaluating HTTPS and SSL for phishing prevention
Conceptualizing social, community, and AI trust mechanisms
Tailoring trust mechanisms for age-specific usability
Pavithren V. S. Pakianathan
Ludwig Boltzmann Institute for Digital Health and Prevention, Salzburg, Austria
L. Siddharth
Engineering Product Development, Singapore University of Technology and Design, Singapore
Sujithra Raviselvam
Industrial Design, Eindhoven University of Technology, Eindhoven, Netherlands
Kristin L. Wood
College of Engineering, Design and Computing, University of Colorado Denver, CO, USA
Hyowon Lee
School of Computing, Dublin City University, Dublin, Ireland
P. Foong
Saw Swee Hock School of Public Health, National University of Singapore, Singapore
Jianying Zhou
Professor, Singapore University of Technology and Design (SUTD)
Applied Cryptography, Network Security, Cyber-Physical Security, Mobile Security, Cloud Security
S. Perrault
Information Systems Technology and Design, Singapore University of Technology and Design, Singapore