Proceedings of the 11th USENIX Security Symposium
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
An Antiphishing Strategy Based on Visual Similarity Assessment
IEEE Internet Computing
Lightweight encryption for email
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Fighting phishing at the user interface
Fighting phishing at the user interface
Detecting Phishing Web Pages with Visual Similarity Assessment Based on Earth Mover's Distance (EMD)
IEEE Transactions on Dependable and Secure Computing
Security user studies: methodologies and best practices
CHI '07 Extended Abstracts on Human Factors in Computing Systems
Cantina: a content-based approach to detecting phishing web sites
Proceedings of the 16th international conference on World Wide Web
Improving security decisions with polymorphic and audited dialogs
Proceedings of the 3rd symposium on Usable privacy and security
Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish
Proceedings of the 3rd symposium on Usable privacy and security
Evaluating a trial deployment of password re-use for phishing prevention
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
A framework for detection and measurement of phishing attacks
Proceedings of the 2007 ACM workshop on Recurring malcode
Dynamic pharming attacks and locked same-origin policies for web browsers
Proceedings of the 14th ACM conference on Computer and communications security
Itrustpage: a user-assisted anti-phishing tool
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Sesame: informing user security decisions with system visualization
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A framework for reasoning about the human in the loop
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
RUST: a retargetable usability testbed for website authentication technologies
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Method for Evaluating the Security Risk of a Website Against Phishing Attacks
PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
Phishwish: A Stateless Phishing Filter Using Minimal Rules
Financial Cryptography and Data Security
Anti-phishing based on automated individual white-list
Proceedings of the 4th ACM workshop on Digital identity management
There is no free phish: an analysis of "free" and live phishing kits
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
E-Mail Classification for Phishing Defense
ECIR '09 Proceedings of the 31th European Conference on IR Research on Advances in Information Retrieval
A Personal Information Protection Model for Web Applications by Utilizing Mobile Phones
Proceedings of the 2008 conference on Information Modelling and Knowledge Bases XIX
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
TruWallet: trustworthy and migratable wallet-based web authentication
Proceedings of the 2009 ACM workshop on Scalable trusted computing
BogusBiter: A transparent protection against phishing attacks
ACM Transactions on Internet Technology (TOIT)
An evaluation of extended validation and picture-in-picture phishing attacks
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
A sense of security in pervasive computing: is the light on when the refrigerator door is closed?
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Rootkits for JavaScript environments
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
OpenIDemail enabled browser: towards fixing the broken web single sign-on triangle
Proceedings of the 6th ACM workshop on Digital identity management
A billion keys, but few locks: the crisis of web single sign-on
Proceedings of the 2010 workshop on New security paradigms
Using one-time passwords to prevent password phishing attacks
Journal of Network and Computer Applications
What makes users refuse web single sign-on?: an empirical investigation of OpenID
Proceedings of the Seventh Symposium on Usable Privacy and Security
Proceedings of the Seventh Symposium on Usable Privacy and Security
TruWalletM: secure web authentication on mobile platforms
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Virtualization based password protection against malware in untrusted operating systems
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
A quantitative approach to estimate a website security risk using whitelist
Security and Communication Networks
A usability test of whitelist and blacklist-based anti-phishing application
Proceeding of the 16th International Academic MindTrek Conference
BetterAuth: web authentication revisited
Proceedings of the 28th Annual Computer Security Applications Conference
Preventing the revealing of online passwords to inappropriate websites with logininspector
lisa'12 Proceedings of the 26th international conference on Large Installation System Administration: strategies, tools, and techniques
Proceedings of the third ACM conference on Data and application security and privacy
Reading the correct history?: modeling temporal intention in resource sharing
Proceedings of the 13th ACM/IEEE-CS joint conference on Digital libraries
PhishSafe: leveraging modern JavaScript API's for transparent and robust protection
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.00 |
We introduce a new anti-phishing solution, the Web Wallet. The Web Wallet is a browser sidebar which users can use to submit their sensitive information online. It detects phishing attacks by determining where users intend to submit their information and suggests an alternative safe path to their intended site if the current site does not match it. It integrates security questions into the user's workflow so that its protection cannot be ignored by the user. We conducted a user study on the Web Wallet prototype and found that the Web Wallet is a promising approach. In the study, it significantly decreased the spoof rate of typical phishing attacks from 63% to 7%, and it effectively prevented all phishing attacks as long as it was used. A majority of the subjects successfully learned to depend on the Web Wallet to submit their login information. However, the study also found that spoofing the Web Wallet interface itself was an effective attack. Moreover, it was not easy to completely stop all subjects from typing sensitive information directly into web forms.