Sciweavers

FC
2007
Springer

An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks

14 years 5 months ago
An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks
Abstract. In this usability study of phishing attacks and browser antiphishing defenses, 27 users each classified 12 web sites as fraudulent or legitimate. By dividing these users into three groups, our controlled study measured both the effect of extended validation certificates that appear only at legitimate sites and the effect of reading a help file about security features in Internet Explorer 7. Across all groups, we found that picturein-picture attacks showing a fake browser window were as effective as the best other phishing technique, the homograph attack. Extended validation did not help users identify either attack. Additionally, reading the help file made users more likely to classify both real and fake web sites as legitimate when the phishing warning did not appear.
Collin Jackson, Daniel R. Simon, Desney S. Tan, Ad
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where FC
Authors Collin Jackson, Daniel R. Simon, Desney S. Tan, Adam Barth
Comments (0)