Does Domain Highlighting Help People Identify Phishing Sites
Date
2010-10-05T14:52:52Z
Abstract
Phishers are fraudsters who mimic legitimate websites to steal users' credential information and exploit that information for identity theft and other criminal activities. Various anti-phishing techniques attempt to mitigate such attacks. Domain highlighting is one such approach recently incorporated by several popular web browsers. The idea is simple: the domain name of an address is highlighted in the address bar, so that users can inspect it to determine a web site's legitimacy. Our research asks a basic question: how well does domain highlighting work? To answer this, we showed 22 participants 16 web pages typical of those targeted for phishing attacks, where participants had to determine the page's legitimacy. In the first round, they judged the page's legitimacy by whatever means they chose. In the second round, they were directed specifically to look at the address bar. We found that participants fell into 3 types in terms of how they determined the legitimacy of a web page; while domain highlighting was somewhat effective for one user type, it was much less effective for others. We conclude that domain highlighting, while providing some benefit, cannot be relied upon as the sole method to prevent phishing attacks.
Keywords
Phishing, domain highlighting