An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks

13 years 10 months ago

Download www.usablesecurity.org

Abstract. In this usability study of phishing attacks and browser antiphishing defenses, 27 users each classiﬁed 12 web sites as fraudulent or legitimate. By dividing these users into three groups, our controlled study measured both the eﬀect of extended validation certiﬁcates that appear only at legitimate sites and the eﬀect of reading a help ﬁle about security features in Internet Explorer 7. Across all groups, we found that picturein-picture attacks showing a fake browser window were as eﬀective as the best other phishing technique, the homograph attack. Extended validation did not help users identify either attack. Additionally, reading the help ﬁle made users more likely to classify both real and fake web sites as legitimate when the phishing warning did not appear.

Collin Jackson, Daniel R. Simon, Desney S. Tan, Ad

Real-time Traffic

Browser Antiphishing Defenses | FC 2007 | Phishing | Web Sites |

claim paper

» Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis

» On DataCentric Trust Establishment in Ephemeral Ad Hoc Networks

» A Proxy View of Quality of Domain Name Service

» Checking threat modeling data flow diagrams for implementation conformance and security

» Enterprise Security A Community of Interest Based Approach

Post Info
More Details (n/a)

Added	07 Jun 2010
Updated	07 Jun 2010
Type	Conference
Year	2007
Where	FC
Authors	Collin Jackson, Daniel R. Simon, Desney S. Tan, Adam Barth

Comments (0)

Sciweavers

An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks

Browser Antiphishing Defenses | FC 2007 | Phishing | Web Sites |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers