This paper reports on a study exploring user experiences with suspicious emails and associated warnings when accessed through virtual reality (VR) headsets in realistic settings. A group of (n=20) Apple Vision Pro and another group of (n=20) Meta Quest 3 users were invited to sort through their own selection of Google mail suspicious emails through the VR headset. We asked them to verbalize the experience relative to how they assess the emails, what cues they use to determine their legitimacy, and what actions they would take for each suspicious email of their choice. We covertly sent a "false positive" suspicious email containing either a URL or an attachment (an email that is assigned a suspicious email warning but, in reality, is a legitimate one) and observed how participants would interact with it. Two participants clicked on the link (Apple Vision Pro), and one participant opened the attachment (Meta Quest 3). Upon close inspection, in all three instances, the participant "fell" for the phish because of the VR headsets' hypersensitive clicking and lack of ergonomic precision during the routine email sorting task. These and the other participants thus offered recommendations for implementing suspicious email warnings in VR environments, considerate of the immersiveness and ergonomics of the headsets' interface.

翻译：本文报告了一项研究，探讨用户在真实环境中通过虚拟现实（VR）头戴设备访问可疑邮件及相关警告时的体验。我们邀请了一组（n=20）Apple Vision Pro用户和另一组（n=20）Meta Quest 3用户，通过VR头戴设备筛选他们自己选择的Gmail可疑邮件。我们要求他们口头描述评估邮件的过程、判断邮件合法性所依据的线索，以及对他们选定的每封可疑邮件可能采取的行动。我们暗中发送了一封包含URL或附件的“误报”可疑邮件（即被标记为可疑警告但实际为合法的邮件），并观察参与者如何与之互动。两名参与者点击了链接（Apple Vision Pro），一名参与者打开了附件（Meta Quest 3）。经仔细分析，在这三起案例中，参与者“中招”的原因在于VR头戴设备在常规邮件筛选任务中存在的点击过度敏感及人体工学精度不足问题。基于这些发现及其他参与者的反馈，本文提出了在VR环境中实施可疑邮件警告的建议，这些建议充分考虑了头戴设备界面的沉浸特性与人体工学设计。