DOI: 10.1145/1124772.1124863

Do security toolbars actually prevent phishing attacks?

Published: 22 April 2006

Abstract

Security toolbars in a web browser show security-related information about a website to help users detect phishing attacks. Because the toolbars are designed for humans to use, they should be evaluated for usability -- that is, whether these toolbars really prevent users from being tricked into providing personal information. We conducted two user studies of three security toolbars and other browser security indicators and found them all ineffective at preventing phishing attacks. Even though subjects were asked to pay attention to the toolbar, many failed to look at it; others disregarded or explained away the toolbars' warnings if the content of web pages looked legitimate. We found that many subjects do not understand phishing attacks or realize how sophisticated such attacks can be.

Published In

CHI '06: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
April 2006
1353 pages
ISBN:1595933727
DOI:10.1145/1124772

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. e-commerce
  2. user interface design
  3. user study
  4. world wide web and hypermedia

Qualifiers

  • Article

Conference

CHI06
CHI06: CHI 2006 Conference on Human Factors in Computing Systems
April 22 - 27, 2006
Québec, Montréal, Canada

Acceptance Rates

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%
