Do security toolbars actually prevent phishing attacks?

Conference on Human Factors in Computing Systems - Proceedings

Volumn 1, Issue , 2006, Pages 601-610

  Wu, Min ^a   Miller, Robert C ^a   Garfinkel, Simson L ^a  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

E Commerce; User Interface Design; User Study; World Wide Web and Hypermedia

Indexed keywords

COMPUTER AIDED DESIGN; ELECTRONIC CRIME COUNTERMEASURES; INFORMATION RETRIEVAL; SECURITY OF DATA; SECURITY SYSTEMS; WEB BROWSERS; WEBSITES;

SECURITY TOOLBARS; USER INTERFACE DESIGN; USER STUDY; WORLD WIDE WEB AND HYPERMEDIA;

COMPUTER CRIME;

EID: 33745867321     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1124772.1124863     Document Type: Conference Paper

References (24)

1. Anti-Phishing Working Group, eBay - NOTICE eBay Obligatory Verifying - Invalid User Information. March 9, 2004. http://www.antiphishing.org/phishing_archive/eBay_03-09-04.htm
2. Anti-Phishing Working Group. Phishing Activity Trends Report, March 2005. http://antiphishing.org/ APWG_Phishing_Activity_Report_March_2005.pdf
3. Bank, D. 'Spear Phishing' Tests Educate People About Online Scams. The Wall Street Journal. August 17, 2005.
4. BBC News. Passwords revealed by sweet deal. http://news.bbc.co.Uk/l/hi/technology/3639679.stm
5. Chou, N., Ledesma, R., Teraguchi, Y., Mitchell, J.C. Client-Side Defense Against Web-Based Identity Theft, 11th Annual Network and Distributed System Security Symposium (2004).
6. Dhamija, R. Tygar, J.D. The Battle Against Phishing: Dynamic Security Skins. Symposium on Usable Privacy and Security (2005), pp. 77-88.
7. eBay Toolbar and Account Guard. http://pages. ebay.com/help/confidence/account-guard.html
8. Emigh, A. Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures. ITTC Report on Online Identity Theft Technology and Countermeasures. October 3, 2005. http://www.antiphishing.org/Phishing-dhs-report.pdf
9. Federal Bureau of Investigation, Department of Justice. FBI Says Web 'Spoofing' Scams are a Growing Problem. 2003. http://www.fbi.gov/pressrel/pressrel03/spoofing072103.htm
10. Fluendy, S. Phishing targeting online outlets. Computer Crime Research Center. March 16, 2005. http://www.crime-research.org/news/03.16.2005/1050/
11. Fogg, B.J, et al. What makes Web sites credible?: a report on a large quantitative study. CHI2001, pp. 61-68.
12. Google Safe Browsing for Firefox. 2005. http://www.google.com/tools/firefox/safebrowsing/.
13. Herzberg, A., Gbara, A. TrustBar: Protecting (even Naïve) Web Users from Spoofing and Phishing Attacks. 2004. http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm.
14. Jagatic, T., Johnson, N., Jakobsson, M., Menczer, F. Social Phishing. School of Informatics & Dept. of Computer Science, Indiana University. 2005. http://informatics.indiana.edu/fil/Net/social_phishing.pdf
15. Leyden, J. US phishing losses hit 5500m. The Register. September 29, 2004.
16. Netcraft Toolbar. 2004. http://toolbar.netcraft.com/.
17. Norman, D. A. Design rules based on analyses of human error. CACM, v26 n4 (April 1983), pp. 254-258.
18. PassMark. 2005. http://www.passmarksecurity.com/.
19. Sharif, T. Phishing Filter in IE7, September 9, 2006. http://blogs.msdn.com/ie/archive/2005/09/09/463204.aspx
20. SpoofStick. 2004. http://www.spoofstick.com/.
21. Sullivan, B. Consumers still falling for phish. MSNBC. July 28, 2004. http://www.msnbc.msn.com/id/5519990/
22. Whalen, T., Inkpen, K. Gathering Evidence: Use of Visual Security Cues in Web Browsing. Graphics Interface 2005.
23. Whitten, A., Tygar, J.D. Why Johnny Can't Encrypt: A Usability Evaluation of POP 5.0. 8th Usenix Security Symposium, 1999, pp. 169-184.
24. Wu, M., Garfinkel, S., Miller, R. Secure Web Authentication with Mobile Phones. DIMACS Workshop on Usable Privacy and Security Software, 2004.