Spot the phish by checking the pruned URL. (10th October 2016)
- Record Type:
- Journal Article
- Title:
- Spot the phish by checking the pruned URL. (10th October 2016)
- Main Title:
- Spot the phish by checking the pruned URL
- Authors:
- Volkamer, Melanie
Renaud, Karen
Gerber, Paul
- Abstract:
- Purpose: Phishing is still a very popular and effective security threat, and it takes, on average, more than a day to detect new phish websites. Protection by purely technical means is hampered by this vulnerability window. During this window, users need to act to protect themselves. To support users in doing so, the paper aims to propose to first make users aware of the need to consult the address bar. Moreover, the authors propose to prune URL displayed in the address bar. The authors report on an evaluation of this proposal. Design/methodology/approach: The paper opted for an online study with 411 participants, judging 16 websites – all with authentic design: half with legitimate and half with phish URLs. The authors applied four popular widely used types of URL manipulation techniques. The authors conducted a within-subject and between-subject study with participants randomly assigned to one of two groups (domain highlighting or pruning). The authors then tested both proposals using a repeated-measures multivariate analysis of variance. Findings: The analysis shows a significant improvement in terms of phish detection after providing the hint to check the address bar. Furthermore, the analysis shows a significant improvement in terms of phish detection after the hint to check the address bar for uninitiated participants in the pruning group, as compared to those in the highlighting group. Research limitations/implications: Because of the chosen research approach, the research results may lack generalisability. Therefore, researchers are encouraged to test the proposed propositions further. Practical implications: This paper confirms the efficacy of URL pruning and of prompting users to consult the address bar for phish detection. Originality/value: This paper introduces a classification for URL manipulation techniques used by phishers. We also provide evidence that drawing people's attention to the address bar makes them more likely to spot phish websites, but does not impair their ability to identify authentic websites.
- Is Part Of:
- Information and computer security. Volume 24:Number 4(2016)
- Journal:
- Information and computer security
- Issue:
- Volume 24:Number 4(2016)
- Issue Display:
- Volume 24, Issue 4 (2016)
- Year:
- 2016
- Volume:
- 24
- Issue:
- 4
- Issue Sort Value:
- 2016-0024-0004-0000
- Page Start:
- 372
- Page End:
- 385
- Publication Date:
- 2016-10-10
- Subjects:
- Information security -- Individual behaviour
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-07-2015-0032
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 2268.xml