A usability test of whitelist and blacklist-based anti-phishing application

Authors:
Linfeng Li;Marko Helenius;Eleni Berki
Affiliations:
University of Tampere, Kanslerinrinne, Tampere, Finland;Tampere University of Technology, Korkeakoulunkatu, Tampere, Finland;University of Tampere, Kanslerinrinne, Tampere, Finland
Venue:
Proceeding of the 16th International Academic MindTrek Conference
Year:
2012

Citing 12
Cited 0

The "magic number 5": is it enough for web testing?

CHI '03 Extended Abstracts on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Designing ethical phishing experiments: a study of (ROT13) rOnl query features

Proceedings of the 15th international conference on World Wide Web
Web wallet: preventing phishing attacks by revealing user intentions

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Usability testing: what have we overlooked?

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
You've been warned: an empirical study of the effectiveness of web browser phishing warnings

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Using reinforcement to strengthen users' secure behaviors

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Does MoodyBoard make internet use more secure?: evaluating an ambient security visualization tool

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Does domain highlighting help people identify phishing sites?

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
F for fake: four studies on how we fall for phish

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The state of phishing attacks

Communications of the ACM

Quantified Score

Hi-index	0.00

Visualization

Abstract

Anti-phishing tools on a web browser warn about spoofing pages or/and prompt to essential and necessary information that assists users to identify spoofing and potentially harmful pages. In order to discover how well users can identify phishing pages with these tools after they understand how the tools work, we designed and conducted usability tests for two detection mechanisms of anti-phishing tools: the blacklist-based and whitelist-based anti-phishing toolbars. As a result, we report that no significant performance differences between the blacklist-based and whitelist-based applications were found; but some other interesting findings and observations were collected. The most valuable observation is that due to the deficiency of existing web identities on the web pages and web browsers, e.g. abstract and professional web page security certificate information, anti-phishing toolbars need to be more illustrative and instructional in order to assist users to find reliable information for identifying the authenticity of the content on the web pages.