Security toolbars in a web browser show security-related information about a website to help users detect phishing attacks. Because the toolbars are designed for humans to use, they should be evaluated for usability -- that is, whether these toolbars really prevent users from being tricked into providing personal information. We conducted two user studies of three security toolbars and other browser security indicators and found them all ineffective at preventing phishing attacks. Even though subjects were asked to pay attention to the toolbar, many failed to look at it; others disregarded or explained away the toolbars' warnings if the content of web pages looked legitimate. We found that many subjects do not understand phishing attacks or realize how sophisticated such attacks can be.