Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CHI
2006
ACM
2006
ACM
Why phishing works
To build systems shielding users from fraudulent (or phishing) websites, designers need to know which attack strategies work and why. This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users. We first analyzed a large set of captured phishing attacks and developed a set of hypotheses about why these strategies might work. We then assessed these hypotheses with a usability study in which 22 participants were shown 20 web sites and asked to determine which ones were fraudulent. We found that 23% of the participants did not look at browser-based cues such as the address bar, status bar and the security indicators, leading to incorrect choices 40% of the time. We also found that some visual deception attacks can fool even the most sophisticated users. These results illustrate that standard security indicators are not effective for a substantial fraction of users, and suggest that alternative approaches are needed. Author K...
Real-time TrafficCHI 2006 | Human Computer Interaction | Keywords Security Usability | Standard Security Indicators | Systems Shielding Users |
Related Content
| Added | 30 Nov 2009 |
| Updated | 30 Nov 2009 |
| Type | Conference |
| Year | 2006 |
| Where | CHI |
| Authors | Rachna Dhamija, J. D. Tygar, Marti A. Hearst |
Comments (0)
Researcher Info
|
