Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Evaluation Of Extended Validation and Picture-in-Picture Phishing Attacks Presented by Hui (Henry) Fang Collin Jackson, Daniel R. Simon, Desney S. Tan,

Published byLiliana Preston Modified over 9 years ago

Similar presentations

Presentation on theme: "An Evaluation Of Extended Validation and Picture-in-Picture Phishing Attacks Presented by Hui (Henry) Fang Collin Jackson, Daniel R. Simon, Desney S. Tan,"— Presentation transcript:

1 An Evaluation Of Extended Validation and Picture-in-Picture Phishing Attacks Presented by Hui (Henry) Fang Collin Jackson, Daniel R. Simon, Desney S. Tan, and Adam Barth Financial Cryptography and Data Security, 2007

2 Certificates 1. Normal Certificate Domain name 2. Extended Validation Certificate Domain name Identity of a legitimate business

3 Homograph Attack Similar domain names It may be Https enabled https://www.bankofthevvest.com/

4 Picture-in-Picture Attack Mismatched chrome Focus Dragging Maximizing

5 Experiment Design Before the task – Familiarization (Play with two real web sites)

6 Experiment Design Real site Real, but confusing, site Homograph attack Homograph with warming Picture-in-Picture attack Mismatched Picture-in-Picture attack IP address blocked by phishing filter During the task – 12 web sites (randomly)

7 Study Result

8 Findings Picture-in-Picture attacks were as effective as homograph attacks Extended validation did not help users defend against either attack Extended validation did not help untrained users classify a legitimate site Training caused more real and fraudulent sites to be classified as legitimate site

9 Appreciation Experiment Design: Participants were divided into three groups for comparison.

10 Criticism The number of participants was very small – 27 participants only. The task involved 7 types of websites, and 12 websites were tested. But we don’t know the distribution of those 12 websites.

11 Question Does the Picture-in-Picture attack work in mobile browsers ? What improvements we can make to browsers in order to defend against Picture-in-Picture attack ?

Download ppt "An Evaluation Of Extended Validation and Picture-in-Picture Phishing Attacks Presented by Hui (Henry) Fang Collin Jackson, Daniel R. Simon, Desney S. Tan,"

Similar presentations

Browser Security Modes Alex Crowell and James Kasten.

Browser Security Modes Alex Crowell and James Kasten.
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.
Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2015/7/181Data Mining & Machine Learning Lab.

Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.
Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.

Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.
How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.

How It Applies In A Virtual World. Phishing Definition: n. To request confidential information over the Internet under false pretenses in order to fraudulently.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.

C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
10/20/2009 Loomi Liao.  The problems  Some anti-phishing solutions  The Web Wallet solutions  The Web Wallet User Interface  User study  Discussion.

10/20/2009 Loomi Liao.  The problems  Some anti-phishing solutions  The Web Wallet solutions  The Web Wallet User Interface  User study  Discussion.
Does Domain Highlighting Help People Identify Phishing Sites? Eric Lin, Saul Greenberg Eileah Trotter, David Ma & John Aycock University of Calgary.

Does Domain Highlighting Help People Identify Phishing Sites? Eric Lin, Saul Greenberg Eileah Trotter, David Ma & John Aycock University of Calgary.
Detecting Fraudulent Clicks From BotNets 2.0 Adam Barth Joint work with Dan Boneh, Andrew Bortz, Collin Jackson, John Mitchell, Weidong Shao, and Elizabeth.

Detecting Fraudulent Clicks From BotNets 2.0 Adam Barth Joint work with Dan Boneh, Andrew Bortz, Collin Jackson, John Mitchell, Weidong Shao, and Elizabeth.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Beware of Finer-Grained Origins

Beware of Finer-Grained Origins
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
STAY SAFE ONLINE. STAY SAFE ONLINE! PLEASE MAKE SURE YOU LOGIN AT THE CORRECT BANK URL / ADDRESS 1.NEVER LOGIN VIA EMAIL LINKS 2.NEVER REVEAL YOUR PIN.

STAY SAFE ONLINE. STAY SAFE ONLINE! PLEASE MAKE SURE YOU LOGIN AT THE CORRECT BANK URL / ADDRESS 1.NEVER LOGIN VIA LINKS 2.NEVER REVEAL YOUR PIN.
GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.

GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.

Similar presentations

Ads by Google