Please use this identifier to cite or link to this item:
Title: Does Domain Highlighting Help People Identify Phishing Sites
Authors: Lin, Eric
Greenberg, Saul
Trotter, Eileah
Ma, David
Aycock, John
Keywords: Phishing, domain highlighting
Issue Date: 5-Oct-2010
Abstract: Phishers are fraudsters that mimic legitimate websites to steal user’s credential information and exploit that information for identity theft and other criminal activities. Various anti-phishing techniques attempt to mitigate such attacks. Domain highlighting is one such approach recently incorporated by several popular web browsers. The idea is simple: the domain name of an address is highlighted in the address bar, so that users can inspect it to determine a web site’s legitimacy. Our research asks a basic question: how well does domain highlighting work? To answer this, we showed 22 participants 16 web pages typical of those targeted for phishing attacks, where participants had to determine the page’s legitimacy. In the first round, they judged the page’s legitimacy by whatever means they chose. In the second round, they were directed specifically to look at the address bar. We found that participants fell into 3 types in terms of how they determined the legitimacy of a web page; while domain highlighting was somewhat effective for one user type, it was much less effective for others. We conclude that domain highlighting, while providing some benefit, cannot be relied upon as the sole method to prevent phishing attacks.
Appears in Collections:Greenberg, Saul
Aycock, John

Files in This Item:
File Description SizeFormat 
2010-978-27.pdf422.41 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.