does domain highlighting help people identify phishing sites?
DESCRIPTION
Does Domain Highlighting Help People Identify Phishing Sites?. Eric Lin, Saul Greenberg Eileah Trotter, David Ma & John Aycock University of Calgary. Phishers. Fraudsters who steal user’s credentials . Login: Saul Password HCIisReallyCool Bank Bank of Antarctica - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/1.jpg)
Does Domain Highlighting Help People Identify Phishing Sites?
Eric Lin, Saul Greenberg Eileah Trotter, David Ma & John Aycock
University of Calgary
![Page 2: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/2.jpg)
Phishers
Fraudsters who steal user’s credentials
Login: SaulPassword HCIisReallyCoolBank Bank of Antarctica Account # 3444 555 6677
![Page 3: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/3.jpg)
Phishing SitesFraudulent web sites used to steal user’s credentials
![Page 4: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/4.jpg)
You’ve got mail
![Page 5: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/5.jpg)
Image modified from: http://www.briancuban.com/the-science-of-intelligent-design/
I’m way too smart for that!!!
Hah
![Page 6: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/6.jpg)
Delete
![Page 7: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/7.jpg)
You’ve got mail
![Page 8: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/8.jpg)
Let me check
![Page 9: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/9.jpg)
![Page 10: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/10.jpg)
Phishing site?
![Page 11: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/11.jpg)
![Page 12: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/12.jpg)
![Page 13: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/13.jpg)
![Page 14: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/14.jpg)
![Page 15: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/15.jpg)
![Page 16: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/16.jpg)
![Page 17: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/17.jpg)
Legitimate
www1.royalbank.com
![Page 18: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/18.jpg)
Fraudulent
www.paypa1.ca
![Page 19: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/19.jpg)
Fraudulent
www.amazon.ca.checkingoutbookonline.ca
![Page 20: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/20.jpg)
Legitimate
Websms.fido.page.ca
![Page 21: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/21.jpg)
Common URL Obfuscations
Similar name amazon.checkingoutbooksonline.ca
Letter substitution www.paypa1.com
IP addresses 192.168.111.112/login
Complex URLs www.login.xyz.flikr.net/config/login/ src-flickr.domain=secure.access 324a568x-pictauthor=frodo…
![Page 22: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/22.jpg)
Phishing site?
![Page 23: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/23.jpg)
www.sxwrestling.com/e107_lang...
![Page 24: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/24.jpg)
Domain name highlighting
![Page 25: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/25.jpg)
Does it work?
![Page 26: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/26.jpg)
Method
16 legitimate & fraudulent real web pages 4 different obfuscation methods used
22 participants
Phase 1. Rate safety of these web pages
Phase 2: Look at address bar for additional cues Redo safety ratings.
![Page 27: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/27.jpg)
‘Best case’ for domain highlighting
Participants • heavy internet users, university educated• heightened sense of security• rating security, not browsing, was primary task • directed to look at address bar (phase 2)
BUT• not instructed about domain names
![Page 28: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/28.jpg)
Phase 1
participants
leastcorrect
mostcorrect
![Page 29: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/29.jpg)
Phase 1
Legitimate pages54% correct31% unsure15% incorrect
![Page 30: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/30.jpg)
Phase 1
Legitimate pages54% correct31% unsure15% incorrect
Consequence
doesn’t enter legitimate site
![Page 31: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/31.jpg)
Phase 1
Legitimate pages54% correct31% unsure15% incorrect
Fraudulent pages25% correct18% unsure57% incorrect
![Page 32: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/32.jpg)
Phase 1
Legitimate pages54% correct31% unsure15% incorrect
Fraudulent pages25% correct18% unsure57% incorrect
Consequenceenters site,
vulnerable to identity theft
![Page 33: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/33.jpg)
Don’t be a fool, look at the address bar!!!
![Page 34: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/34.jpg)
Phase 2
![Page 35: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/35.jpg)
Phase 1
![Page 36: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/36.jpg)
Phase 2 changes
Changes
more correct
unchanged
more wrong
![Page 37: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/37.jpg)
Phase 2 changes
Legitimate pagesno significantdifferences in overall ratings
![Page 38: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/38.jpg)
Phase 2 changes
Legitimate pagesno significantdifferences in overall ratings
Fraudulent pages25→34 % correct
18→23% unsure
57→44 % incorrect
![Page 39: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/39.jpg)
Phase 2
Legitimate pagesno significantdifferences in overall ratings
Fraudulent pages25→34 % correct
18→23% unsure
57→44 % incorrect
ConsequenceSomewhat better, but still vulnerable
to identity theft
![Page 40: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/40.jpg)
How do people judge legitimacy?
Institutional brand• some brands considered more ‘trustworthy’
The page• content including professional layout• reviews suggesting others had visited it• security / privacy information
Information requested• sensitivity, quantity…
Address bar • URLs• security indicators
![Page 41: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/41.jpg)
Typology of Users
Type A • content and brand
Type B• address bar, security indicators, information requested
Type AB• mostly like Type A• occasionally like Type B
![Page 42: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/42.jpg)
participants leastcorrect
mostcorrect
Type B
A A A A A A A A A
B B B B B B B
AB AB AB AB AB AB
Type A
![Page 43: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/43.jpg)
Summary
Good news for phishers!– phishing web sites work– domain name highlighting only works somewhat
• best case: only ¼ - ⅓ of phishing pages detected
Phishers can target specific user groups– Type A & A/B
• very high risk for perfectly copied pages– Type B
• you can still fool them • domain name obfuscation works even better
![Page 44: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/44.jpg)
Summary
Good news for anti-phishing researchers! • lots to do: the phishing problem isn’t solved
Strategies?• education• UI redesign
– to get people to attend domain name– to highlight common spoofing methods within the domain name– …
![Page 45: Does Domain Highlighting Help People Identify Phishing Sites?](https://reader036.vdocuments.net/reader036/viewer/2022062501/56816863550346895ddeb37c/html5/thumbnails/45.jpg)
Does Domain Highlighting Help People Identify Phishing Sites?
Somewhat, but not enough