
Does Domain Highlighting Help People Identify Phishing Sites?



Presentation Transcript


  1. Does Domain Highlighting Help People Identify Phishing Sites? Eric Lin, Saul Greenberg, Eileah Trotter, David Ma & John Aycock, University of Calgary

  2. Phishers Fraudsters who steal users’ credentials Login: Saul Password HCIisReallyCool Bank Bank of Antarctica Account # 3444 555 6677

  3. Phishing Sites Fraudulent web sites used to steal users’ credentials

  4. You’ve got mail

  5. I’m way too smart for that!!! Hah Image modified from: http://www.briancuban.com/the-science-of-intelligent-design/

  6. Delete

  7. You’ve got mail

  8. Let me check

  9. Phishing site?

  10. www1.royalbank.com Legitimate

  11. www.paypa1.ca Fraudulent

  12. www.amazon.ca.checkingoutbookonline.ca Fraudulent

  13. Websms.fido.page.ca Legitimate

  14. Common URL Obfuscations • Similar name: amazon.checkingoutbooksonline.ca • Letter substitution: www.paypa1.com • IP addresses: 192.168.111.112/login • Complex URLs: www.login.xyz.flikr.net/config/login/ src-flickr.domain=secure.access 324a568x-pictauthor=frodo…
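Added example, not from the talk or its authors: a small Python model of what address-bar domain highlighting emphasises (the registrable domain or the IP literal), plus heuristic flags for the four obfuscation categories on slide 14, checked against the URLs from slides 10 to 14. The suffix table, the digit-swap table, the brand list and the 0.8 similarity threshold are assumptions; the complex URL is slide 14's example with extraction spaces removed and its tail dropped.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit
import ipaddress

# Constructed stand-in for the Public Suffix List; a browser consults the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Digit-for-letter swaps behind letter-substitution lookalikes (paypa1 -> paypal).
DIGIT_SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})
# Brands impersonated by the slides' sample URLs (assumed list for the demo).
BRANDS = {"paypal", "amazon", "flickr", "royalbank"}

def split_url(url):
    """urlsplit() that tolerates the scheme-less form the slides use."""
    return urlsplit(url if "://" in url else "http://" + url)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def highlighted_domain(url):
    """Approximate what domain highlighting emphasises: the IP literal or the eTLD+1."""
    host = (split_url(url).hostname or "").rstrip(".")
    if is_ip(host):
        return host
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def obfuscation_flags(url, brands):
    """Slide-14 obfuscation categories a URL triggers, judged against known brand names."""
    parts = split_url(url)
    host = (parts.hostname or "").rstrip(".")
    if is_ip(host):
        return {"ip_address"}                      # 192.168.111.112/login
    domain = highlighted_domain(url)
    owner = domain.split(".")[0]                   # "paypa1" in paypa1.ca
    sub_labels = host[: -len(domain)].strip(".").split(".")  # labels left of the highlight
    flags = set()
    for brand in brands:
        if any(brand in label for label in sub_labels):
            flags.add("brand_in_subdomain")        # amazon.checkingoutbooksonline.ca
        if owner != brand and (owner.translate(DIGIT_SWAPS) == brand
                               or SequenceMatcher(None, owner, brand).ratio() >= 0.8):
            flags.add("lookalike_domain")          # paypa1.ca, flikr.net
    if len(host.split(".")) > 3 or parts.path.count("/") >= 2:
        flags.add("complex_url")                   # long hosts or deep paths bury the domain
    return flags
```

The legitimate Fido page from slide 13 still trips the complex-URL heuristic, which is one reason the address bar alone is a weak cue for users.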

  15. Phishing site?

  16. www.sxwrestling.com/e107_lang...

  17. Domain name highlighting

  18. Does it work?

  19. Method • 16 legitimate & fraudulent real web pages • 4 different obfuscation methods used • 22 participants • Phase 1: rate safety of these web pages • Phase 2: look at address bar for additional cues, redo safety ratings

  20. ‘Best case’ for domain highlighting Participants • heavy internet users, university educated • heightened sense of security • rating security, not browsing, was primary task • directed to look at address bar (phase 2) BUT • not instructed about domain names

  21. Phase 1 [chart: participants ranked from most correct to least correct]

  22. Phase 1 Legitimate pages: 54% correct, 31% unsure, 15% incorrect

  23. Phase 1 Legitimate pages: 54% correct, 31% unsure, 15% incorrect Consequence: doesn’t enter legitimate site

  24. Phase 1 Legitimate pages: 54% correct, 31% unsure, 15% incorrect Fraudulent pages: 25% correct, 18% unsure, 57% incorrect

  25. Phase 1 Legitimate pages: 54% correct, 31% unsure, 15% incorrect Fraudulent pages: 25% correct, 18% unsure, 57% incorrect Consequence: enters site, vulnerable to identity theft

  26. Don’t be a fool, look at the address bar!!!

  27. Phase 2

  28. Phase 1

  29. Phase 2 changes [chart legend: more correct / unchanged / more wrong]

  30. Phase 2 changes Legitimate pages: no significant differences in overall ratings

  31. Phase 2 changes Legitimate pages: no significant differences in overall ratings Fraudulent pages: 25→34% correct, 18→23% unsure, 57→44% incorrect

  32. Phase 2 Legitimate pages: no significant differences in overall ratings Fraudulent pages: 25→34% correct, 18→23% unsure, 57→44% incorrect Consequence: somewhat better, but still vulnerable to identity theft

  33. How do people judge legitimacy? Institutional brand • some brands considered more ‘trustworthy’ The page • content including professional layout • reviews suggesting others had visited it • security / privacy information Information requested • sensitivity, quantity… Address bar • URLs • security indicators

  34. Typology of Users Type A • content and brand Type B • address bar, security indicators, information requested Type AB • mostly like Type A • occasionally like Type B

  35. [chart: participants ranked from most correct to least correct, labelled by type; left to right: B A B B B B B A A AB B AB A A A A A A B AB AB AB AB; axis labels “Type B” and “Type A”]

  36. Summary Good news for phishers! • phishing web sites work • domain name highlighting only works somewhat • best case: only ¼ - ⅓ of phishing pages detected Phishers can target specific user groups • Type A & A/B • very high risk for perfectly copied pages • Type B • you can still fool them • domain name obfuscation works even better

  37. Summary Good news for anti-phishing researchers! • lots to do: the phishing problem isn’t solved Strategies? • education • UI redesign • to get people to attend domain name • to highlight common spoofing methods within the domain name • …

  38. Does Domain Highlighting Help People Identify Phishing Sites? Somewhat, but not enough
