Usability evaluation of anti-phishing toolbars
  • Authors: Linfeng Li; Marko Helenius
  • Journal: Journal of Computer Virology and Hacking Techniques
  • Publication year: 2007
  • Publication date: June 2007
  • Year: 2007
  • Volume: 3
  • Issue: 2
  • Pages: 163-184
  • Full-text size: 1,334 KB
  • Author affiliations: Linfeng Li (1)
    Marko Helenius (1)

    1. Department of Computer Sciences, University of Tampere, Kanslerinrinne 1, 33014, Tampere, Finland
  • Journal category: Computer Science, general
  • Journal subject: Computer Science, general
  • Publisher: Springer Paris
  • ISSN: 2263-8733
Abstract
Phishing is considered one of the most serious threats to the Internet and e-commerce. Phishing attacks abuse trust with the help of deceptive e-mails, fraudulent web sites and malware. To prevent phishing attacks, some organizations have implemented Internet browser toolbars for identifying deceptive activities. However, the usability and user interfaces of these toolbars vary. Some of the toolbars have obvious usability problems, which can ultimately affect their performance. For the sake of future improvement, usability evaluation is indispensable. We will discuss the usability of five typical anti-phishing toolbars: the built-in phishing prevention in Internet Explorer 7.0, Google toolbar, Netcraft Anti-phishing toolbar and SpoofGuard. In addition, we included an Internet Explorer plug-in we have developed, Anti-phishing IEPlug. Our hypothesis was that the usability of anti-phishing toolbars, and as a consequence also the security of the toolbars, could be improved. Indeed, according to the heuristic usability evaluation, a number of usability issues were found. In this article, we will describe the anti-phishing toolbars, discuss our approach to evaluating their usability and present our findings. Finally, we will offer advice for improving the usability of anti-phishing toolbars, covering three key components of anti-phishing client-side applications (main user interface, critical warnings and the help system). For example, we found that in the main user interface it is important to keep the user informed and to organize settings according to a proper usability design. In addition, all the critical warnings an anti-phishing toolbar shows should be well designed. Furthermore, we found that the help system should be built to help users learn about phishing prevention as well as how to identify fraud attempts by themselves. One result of our research is also a classification of anti-phishing toolbar applications.
Linfeng Li is a student at the University of Tampere, Finland. Marko Helenius is Assistant Professor at the Department of Computer Sciences, University of Tampere, Finland.
