Usability study of phishing attacks & browser anti-phishing defenses – extended validation certificate. 27 users in 3 groups classified 12 web.

Presentation transcript:

Slide 1

Slide 2
- Usability study of phishing attacks & browser anti-phishing defenses – extended validation certificate.
- 27 users in 3 groups classified 12 web sites as fraudulent or legitimate using browser indicators.
- Picture-in-picture attacks were as effective as the homograph attack.
- Extended validation did not help users identify either attack.
- Reading the help file made both real and fake websites seem legitimate when no phishing warning appeared.

Slide 3
- What are phishing attacks?
- + Victim + Deceptive website login = Stolen info
- Picture-in-picture attack vs. homograph attack
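A defender-side check for the homograph technique named on the slide, added here as an example (it is not code from the presentation or the paper): it flags hostname labels that mix Unicode scripts, or that consist entirely of non-Latin letters rendering like Latin ones. The look-alike table is a constructed, partial assumption; the full Unicode confusables list is much longer.

```python
import unicodedata

# Constructed, partial table of Cyrillic and Greek letters that render like
# Latin letters (assumption: enough for the demonstration, not exhaustive).
CONFUSABLE_WITH_LATIN = set(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456\u0458\u04cf"  # Cyrillic a e o p c x y i j l
    "\u03bf\u03b1\u03b5\u03c1"                                      # Greek o a e p
)

def label_scripts(label):
    """Set of script names (first word of the Unicode character name) used in a label."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts

def hostname_findings(host):
    """Reasons a hostname may be a homograph look-alike; empty list means none found."""
    findings = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                # Decode punycode to see the glyphs a user's address bar would show.
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                findings.append(f"undecodable punycode label {label!r}")
                continue
        if label.isascii():
            continue
        scripts = label_scripts(label)
        if len(scripts) > 1:
            findings.append(f"mixed scripts {sorted(scripts)} in {label!r}")
        # A single-script label made only of Latin look-alikes still spoofs a
        # Latin name, and the mixed-script test above does not catch it.
        letters = [c for c in label if not (c.isdigit() or c == "-")]
        if letters and all(c in CONFUSABLE_WITH_LATIN for c in letters):
            findings.append(f"all-confusable label {label!r}")
    return findings
```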

Slide 4
- Commercially available security toolbars.
- HTTPS encryption (HTTP + SSL/TLS encryption).
- Normal certificates – only indicate that the owner controls a domain name.
- Extended validation certificates – also attest to the identity of a legitimate business.
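The distinction on this slide, as an added example (not code from the presentation or the paper): given a certificate in the dict layout that Python's ssl.SSLSocket.getpeercert() returns, decide whether it vouches only for control of a DNS name or for a vetted organization. The use of EV-specific subject attributes as the EV marker is an assumption, because getpeercert() does not expose the certificatePolicies EV OID; the two certificates are constructed samples and no network is used.

```python
# Subject attributes the EV guidelines require beyond an ordinary
# organization-validated subject (assumption: used here as the EV marker).
EV_SUBJECT_FIELDS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}

def subject_attrs(peercert):
    """Flatten getpeercert()'s subject (a tuple of RDN tuples) into a dict."""
    attrs = {}
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            attrs[name] = value
    return attrs

def validation_level(peercert):
    """What the certificate vouches for: DNS control only, or a vetted organization."""
    s = subject_attrs(peercert)
    if "organizationName" not in s:
        return "domain-validated"        # the CA checked only control of the name
    if EV_SUBJECT_FIELDS <= s.keys():
        return "extended-validation"     # the CA vetted the legal entity's identity
    return "organization-validated"

def address_bar_identity(peercert):
    """Text an EV-aware browser could show next to the URL, or None for non-EV."""
    if validation_level(peercert) != "extended-validation":
        return None
    s = subject_attrs(peercert)
    return f'{s["organizationName"]} [{s.get("countryName", "?")}]'

# Constructed samples: a look-alike domain holding a domain-validated
# certificate still gets the lock icon, which is the gap the study measured.
DV_LOOKALIKE = {
    "subject": ((("commonName", "www.examp1e-bank.test"),),),
    "subjectAltName": (("DNS", "www.examp1e-bank.test"),),
}
EV_BANK = {
    "subject": (
        (("jurisdictionCountryName", "US"),),
        (("businessCategory", "Private Organization"),),
        (("serialNumber", "0000000"),),
        (("countryName", "US"),),
        (("organizationName", "Example Bank, Inc."),),
        (("commonName", "www.example-bank.test"),),
    ),
    "subjectAltName": (("DNS", "www.example-bank.test"),),
}
```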

Slide 5
- Familiarized users with 2 real websites, then had them classify a random sequence of 12 websites as real or fake.
- Divided the 27 users into 3 groups:
  - Trained – taught about extended validation certificates and read the IE 7 help file about the address bar.
  - Untrained – shown extended validation certificates but given no training.
  - Control – not shown extended validation certificates.
- Measured the effect of:
  - extended validation certificates appearing only at legitimate sites, and
  - reading a help file about security features in IE 7.

Slide 6

Slide 7
- The untrained extended validation group performed similarly to the control group on all tasks.
- Across all groups, picture-in-picture attacks were as effective as the homograph attack.
- Extended validation did not help users identify either attack.
- When NO phishing warnings appeared, trained participants were more likely to classify both real AND fake web sites as legitimate.

Slide 8
- They say "extended validation could become more effective over time as it is adopted by more financial web sites and public awareness grows."
- At the time of the study (September 2006), however, they did not observe that it had a significant effect on user behaviour.
- They do not say how extended validation could realise that potential.
- Instead they state that widespread use of extended validation leaves its trust indicator vulnerable to imitation.

Slide 9
- The authors mention that "participants were invited to participate in a study involving 'usability of online banking,' but were not told ahead of time that the study involved security."
- Many real attacks exploit psychology as much as technology.
- I believe the results were not affected by factors such as:
  - paranoia from participants;
  - external learning about online security.

Slide 10
- Is it the advancement of a security mechanism, OR
- users' perception of a security mechanism over time, that proves a given security mechanism is effective?
- Thanks!