Does domain highlighting help people identify phishing sites
Download
1 / 45

Does Domain Highlighting Help People Identify Phishing Sites? - PowerPoint PPT Presentation


  • 121 Views
  • Uploaded on

Does Domain Highlighting Help People Identify Phishing Sites?. Eric Lin, Saul Greenberg Eileah Trotter, David Ma & John Aycock University of Calgary. Phishers. Fraudsters who steal user’s credentials . Login: Saul Password HCIisReallyCool Bank Bank of Antarctica

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Does Domain Highlighting Help People Identify Phishing Sites?' - mayten


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Does domain highlighting help people identify phishing sites

Does Domain Highlighting Help People Identify Phishing Sites?

Eric Lin, Saul GreenbergEileah Trotter, David Ma & John Aycock

University of Calgary


Phishers

Phishers Sites?

Fraudsters who steal user’s credentials

Login: Saul

Password HCIisReallyCool

Bank Bank of Antarctica

Account # 3444 555 6677


Phishing sites

Phishing Sites Sites?

Fraudulent web sites used to steal user’s credentials



I’m way too smart for that!!! Sites?

Hah

Image modified from: http://www.briancuban.com/the-science-of-intelligent-design/


Delete Sites?



Let me check Sites?



www1.royalbank.com Sites?

Legitimate


www.paypa Sites?1.ca

Fraudulent


www.amazon.ca. Sites?checkingoutbookonline.ca

Fraudulent


Websms.fido.page.ca Sites?

Legitimate


Common url obfuscations
Common URL Obfuscations Sites?

Similar name amazon.checkingoutbooksonline.ca

Letter substitution www.paypa1.com

IP addresses 192.168.111.112/login

Complex URLs www.login.xyz.flikr.net/config/login/ src-flickr.domain=secure.access 324a568x-pictauthor=frodo…



www.sxwrestling.com Sites?/e107_lang...




Method
Method Sites?

16 legitimate & fraudulent real web pages

4 different obfuscation methods used

22 participants

Phase 1. Rate safety of these web pages

Phase 2: Look at address bar for additional cues Redo safety ratings.


Best case for domain highlighting
‘Best case’ for domain highlighting Sites?

Participants

  • heavy internet users, university educated

  • heightened sense of security

  • rating security, not browsing, was primary task

  • directed to look at address bar (phase 2)

    BUT

  • not instructed about domain names


Phase 1
Phase 1 Sites?

mostcorrect

leastcorrect

participants


Phase 11
Phase 1 Sites?

Legitimate pages

54% correct

31% unsure

15% incorrect


Phase 12
Phase 1 Sites?

Legitimate pages

54% correct

31% unsure

15% incorrect

Consequence

doesn’t enter legitimate site


Phase 13
Phase 1 Sites?

Legitimate pages

54% correct

31% unsure

15% incorrect

Fraudulent pages

25% correct

18% unsure

57% incorrect


Phase 14
Phase 1 Sites?

Legitimate pages

54% correct

31% unsure

15% incorrect

Fraudulent pages

25% correct

18% unsure

57% incorrect

Consequence

enters site, vulnerable to identity theft


Don’t be a fool, Sites?

look at the address bar!!!


Phase 2
Phase 2 Sites?


Phase 15
Phase 1 Sites?


Phase 2 changes
Phase 2 changes Sites?

Changes

more correct

unchanged

more wrong


Phase 2 changes1
Phase 2 changes Sites?

Legitimate pages

no significantdifferences in overall ratings


Phase 2 changes2
Phase 2 changes Sites?

Legitimate pages

no significantdifferences in overall ratings

Fraudulent pages

25→34 % correct

18→23% unsure

57→44 % incorrect


Phase 21
Phase 2 Sites?

Legitimate pages

no significantdifferences in overall ratings

Fraudulent pages

25→34 % correct

18→23% unsure

57→44 % incorrect

Consequence

Somewhat better, but stillvulnerable to identity theft


How do people judge legitimacy
How do people judge legitimacy? Sites?

Institutional brand

  • some brands considered more ‘trustworthy’

    The page

  • content including professional layout

  • reviews suggesting others had visited it

  • security / privacy information

    Information requested

  • sensitivity, quantity…

    Address bar

  • URLs

  • security indicators


Typology of users
Typology of Users Sites?

Type A

  • content and brand

    Type B

  • address bar, security indicators, information requested

    Type AB

  • mostly like Type A

  • occasionally like Type B


most Sites?correct

leastcorrect

participants

Type B

A

B

B

B

B

B

A

A

AB

B

AB

A

A

A

A

A

A

B

AB

AB

AB

AB

Type A


Summary
Summary Sites?

Good news for phishers!

  • phishing web sites work

  • domain name highlighting only works somewhat

    • best case: only ¼ - ⅓ of phishing pages detected

      Phishers can target specific user groups

  • Type A & A/B

    • very high risk for perfectly copied pages

  • Type B

    • you can still fool them

    • domain name obfuscation works even better


Summary1
Summary Sites?

Good news for anti-phishing researchers!

  • lots to do: the phishing problem isn’t solved

    Strategies?

  • education

  • UI redesign

    • to get people to attend domain name

    • to highlight common spoofing methods within the domain name



ad