Many popular web browsers are now including active phishing warnings after previous research has shown that passive warnings are often ignored. In this laboratory study we examine the effectiveness of these warnings and examine if, how, and why they fail users. We simulated a spear phishing attack to expose users to browser warnings. We found that 97% of our sixty participants fell for at least one of the phishing messages that we sent them. However, we also found that when presented with the active warnings, 79% of participants heeded them, which was not the case for the passive warning that we tested, where only one participant heeded the warnings. Using a model from the warning sciences we analyzed how users perceive warning messages and offer suggestions for creating more effective warning messages within the phishing context.