Volkamer, Melanie ; Renaud, Karen ; Gerber, Paul (2016)
Spot the phish by checking the pruned URL.
In: Information and Computer Security, 24 (4)
doi: 10.1108/ICS-07-2015-0032
Artikel, Bibliographie
Kurzbeschreibung (Abstract)
Purpose Phishing is still a very popular and effective security threat and it takes, on average, more than a day to detect new Phish websites. Protection by purely technical means is hampered by this vulnerability window. During this window users need to act to protect themselves. To support users in doing so, we propose to first make users aware of the need to consult the address bar. Moreover, we propose to prune URL displayed in the address bar. We report on an evaluation of this proposal. Design/methodology/approach The paper opted for an online study with 411 participants, judging 16 websites - all with authentic design: half with legitimate and half with Phish URLs. We applied four popular widely-used types of URL manipulation techniques. We conducted a within-subject and between-subject study with participants randomly assigned to one of two groups (domain highlighting or pruning). We tested both proposals a repeated measures multivariate analysis of variance (MANOVA). Findings Our analysis shows a significant improvement in terms of Phish detection after providing the hint to check the address bar. Furthermore, our analysis shows a significant improvement in terms of Phish detection after the hint to check the address bar for uninitiated participants in the pruning group, as compared to those in the highlighting group. Research limitations/implications Because of the chosen research approach, the research results may lack generalisability. Therefore, researchers are encouraged to test the proposed propositions further. Practical implications This paper confirms the efficacy of URL pruning and of prompting users to consult the address bar for Phish detection. Originality/value This paper confirms the efficacy of URL pruning and of prompting users to consult the address bar for Phish detection.
| Typ des Eintrags: | Artikel |
|---|---|
| Erschienen: | 2016 |
| Autor(en): | Volkamer, Melanie ; Renaud, Karen ; Gerber, Paul |
| Art des Eintrags: | Bibliographie |
| Titel: | Spot the phish by checking the pruned URL |
| Sprache: | Englisch |
| Publikationsjahr: | September 2016 |
| Titel der Zeitschrift, Zeitung oder Schriftenreihe: | Information and Computer Security |
| Jahrgang/Volume einer Zeitschrift: | 24 |
| (Heft-)Nummer: | 4 |
| DOI: | 10.1108/ICS-07-2015-0032 |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | Purpose Phishing is still a very popular and effective security threat and it takes, on average, more than a day to detect new Phish websites. Protection by purely technical means is hampered by this vulnerability window. During this window users need to act to protect themselves. To support users in doing so, we propose to first make users aware of the need to consult the address bar. Moreover, we propose to prune URL displayed in the address bar. We report on an evaluation of this proposal. Design/methodology/approach The paper opted for an online study with 411 participants, judging 16 websites - all with authentic design: half with legitimate and half with Phish URLs. We applied four popular widely-used types of URL manipulation techniques. We conducted a within-subject and between-subject study with participants randomly assigned to one of two groups (domain highlighting or pruning). We tested both proposals a repeated measures multivariate analysis of variance (MANOVA). Findings Our analysis shows a significant improvement in terms of Phish detection after providing the hint to check the address bar. Furthermore, our analysis shows a significant improvement in terms of Phish detection after the hint to check the address bar for uninitiated participants in the pruning group, as compared to those in the highlighting group. Research limitations/implications Because of the chosen research approach, the research results may lack generalisability. Therefore, researchers are encouraged to test the proposed propositions further. Practical implications This paper confirms the efficacy of URL pruning and of prompting users to consult the address bar for Phish detection. Originality/value This paper confirms the efficacy of URL pruning and of prompting users to consult the address bar for Phish detection. |
| Freie Schlagworte: | Security, Usability and Society;Secure Data |
| ID-Nummer: | TUD-CS-2016-14684 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik > SECUSO - Security, Usability and Society LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra Profilbereiche > Cybersicherheit (CYSEC) LOEWE > LOEWE-Zentren 20 Fachbereich Informatik Profilbereiche LOEWE |
| Hinterlegungsdatum: | 11 Okt 2016 08:41 |
| Letzte Änderung: | 30 Mai 2018 13:00 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum