An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks

Collin Jackson, Daniel R. Simon, Desney S. Tan and Adam Barth

View Related Documents

Book Chapter
Extended Web Site Security Functionality
2007, Practical Internet Security, Part XI, Pages 325-329
- Download PDF (54.8 KB)
Journal Article
Usability evaluation of anti-phishing toolbars
Linfeng Li and Marko Helenius
Journal in Computer Virology, 2007, Volume 3, Number 2, Pages 163-184
- Download PDF (1.3 MB)
- View HTML
Book Chapter
Phoolproof Phishing Prevention
Bryan Parno, Cynthia Kuo and Adrian Perrig
Lecture Notes in Computer Science, 2006, Volume 4107, Financial Cryptography and Data Security, Pages 1-19
- Download PDF (394.3 KB)
Book Chapter
On the Effectiveness of Techniques to Detect Phishing Sites
Christian Ludl, Sean McAllister, Engin Kirda and Christopher Kruegel
Lecture Notes in Computer Science, 2007, Volume 4579, Detection of Intrusions and Malware, and Vulnerability Assessment, Pages 20-39
- Download PDF (414.5 KB)
Book Chapter
Exploring User Reactions to New Browser Cues for Extended Validation Certificates
Jennifer Sobey, Robert Biddle, P. C. van Oorschot and Andrew S. Patrick
Lecture Notes in Computer Science, 2008, Volume 5283, Computer Security - ESORICS 2008, Pages 411-427
- Download PDF (567.1 KB)
Book Chapter
What Instills Trust? A Qualitative Study of Phishing
Markus Jakobsson, Alex Tsow, Ankur Shah, Eli Blevis and Youn-Kyung Lim
Lecture Notes in Computer Science, 2007, Volume 4886, Financial Cryptography and Data Security, Pages 356-361
- Download PDF (230.0 KB)
Book Chapter
Cross-Domain Security in Web Applications
2007, Foundations of Security, Part 2, Pages 155-196
- Download PDF (270.0 KB)
Book Chapter
Analysis and Improvement of Anti-Phishing Schemes
Dinei Florêncio and Cormac Herley
IFIP International Federation for Information Processing, 2006, Volume 201, Security and Privacy in Dynamic Environments, Pages 148-157
- Download PDF (630.3 KB)
Book Chapter
WSKE: Web Server Key Enabled Cookies
Chris Masone, Kwang-Hyun Baek and Sean Smith
Lecture Notes in Computer Science, 2007, Volume 4886, Financial Cryptography and Data Security, Pages 294-306
- Download PDF (1.4 MB)
Journal Article
Evolution of cross site request forgery attacks
Renaud Feil and Louis Nyffenegger
Journal in Computer Virology, 2008, Volume 4, Number 1, Pages 61-71
- Download PDF (599.6 KB)

Abstract

In this usability study of phishing attacks and browser anti-phishing defenses, 27 users each classified 12 web sites as fraudulent or legitimate. By dividing these users into three groups, our controlled study measured both the effect of extended validation certificates that appear only at legitimate sites and the effect of reading a help file about security features in Internet Explorer 7. Across all groups, we found that picture-in-picture attacks showing a fake browser window were as effective as the best other phishing technique, the homograph attack. Extended validation did not help users identify either attack. Additionally, reading the help file made users more likely to classify both real and fake web sites as legitimate when the phishing warning did not appear.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks

View Related Documents

Abstract

Fulltext Preview