In 2014, we launched our open-access repository, which offers full-text access to conference proceedings from many of our events, including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019)
Title: Phishing Attack Recognition by End-Users: Concepts for URL Visualization and Implementation
Author(s): Vivian Ives Philipp Erbenich, Daniel Träder, Andreas Heinemann, Meltem Nural
Keywords: Phishing, URL Pruning, URL Visualization, Security Warning, Usable Security
Abstract: Social engineering, through means of phishing, is a very popular entry point for a targeted attack in order to obtain further data on a company or private individual, e.g. by injecting malware on the victim’s machine. A phishing attack that leads to a malicious website can usually be identified by the HTTP link with expert knowledge. However, only very few users pay attention to the link or have the necessary knowledge to recognize a threat as such. This work addresses the question of how current link visualization could be improved so that a user can better identify whether the link points to a phishing site or a legitimate site. Additionally, we also address the question of how our proposed link concepts can be put into practice. As an improvement, the outer shape of a link will be adapted by content-based formatting, trimming and other features. The user will thus be able to interactively explore a URL and its components in order to make a better decision. As a next step, we plan to evaluate our concepts in a controlled lab environment with a few test persons as well as by a large-scale online user study.
Download count: 418
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.