Two-factor authentication: too little, too late
Communications of the ACM - Transforming China
A convenient method for securely managing passwords
WWW '05 Proceedings of the 14th international conference on World Wide Web
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
An Antiphishing Strategy Based on Visual Similarity Assessment
IEEE Internet Computing
Can machine learning be secure?
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Passpet: convenient password management and phishing protection
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Decision strategies and susceptibility to phishing
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Web wallet: preventing phishing attacks by revealing user intentions
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Cantina: a content-based approach to detecting phishing web sites
Proceedings of the 16th international conference on World Wide Web
Learning to detect phishing emails
Proceedings of the 16th international conference on World Wide Web
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
A usability study and critique of two password managers
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Password rescue: a new approach to phishing prevention
HOTSEC'06 Proceedings of the 1st USENIX Workshop on Hot Topics in Security
Communications of the ACM
Phoolproof phishing prevention
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
A comparison of Asian e-government websites quality: using a non-parametric test
International Journal of Business Information Systems
An efficient phishing webpage detector
Expert Systems with Applications: An International Journal
SUT: Quantifying and mitigating URL typosquatting
Computer Networks: The International Journal of Computer and Telecommunications Networking
Phishing detection with popular search engines: simple and effective
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Using automated individual white-list to protect web digital identities
Expert Systems with Applications: An International Journal
Hi-index | 0.00 |
Despite the many solutions proposed by industry and the research community to address phishing attacks, this problem continues to cause enormous damage. Because of our inability to deter phishing attacks, the research community needs to develop new approaches to anti-phishing solutions. Most of today's anti-phishing technologies focus on automatically detecting and preventing phishing attacks. While automation makes anti-phishing tools user-friendly, automation also makes them suffer from false positives, false negatives, and various practical hurdles. As a result, attackers often find simple ways to escape automatic detection. This paper presents iTrustPage - an anti-phishing tool that does not rely completely on automation to detect phishing. Instead, iTrustPage relies on user input and external repositories of information to prevent users from filling out phishing Web forms. With iTrustPage, users help to decide whether or not a Web page is legitimate. Because iTrustPage is user-assisted, iTrustPage avoids the false positives and the false negatives associated with automatic phishing detection. We implemented iTrustPage as a downloadable extension to FireFox. After being featured on the Mozilla website for FireFox extensions, iTrustPage was downloaded by more than 5,000 users in a two week period. We present an analysis of our tool's effectiveness and ease of use based on our examination of usage logs collected from the 2,050 users who used iTrustPage for more than two weeks. Based on these logs, we find that iTrustPage disrupts users on fewer than 2% of the pages they visit, and the number of disruptions decreases over time.