In this usability study of phishing attacks and browser antiphishing defenses, 27 users each classified 12 web sites as fraudulent or legitimate. By dividing these users into three groups, our controlled study measured both the effect of extended validation certificates that appear only at legitimate sites and the effect of reading a help file about security features in Internet Explorer 7. Across all groups, we found that picture-in-picture attacks showing a fake browser window were as effective as the best other phishing technique, the homograph attack. Extended validation did not help users identify either attack. Additionally, reading the help file made users more likely to classify both real and fake web sites as legitimate when the phishing warning did not appear.