What Instills Trust? A Qualitative Study of Phishing
Abstract
This paper reports the highlights of a user study which gauges reactions to a variety of common “trust indicators” – such as logos, third-party endorsements, and padlock icons – over a selection of authentic and phishing stimuli. In the course of the think-aloud protocol, participants revealed different sensitivities to email messages and web pages. Our principal result is the analysis of what makes phishing emails and web pages appear authentic. This is not only of interest from a pure scientific point of view, but can also guide the design of legitimate material to avoid unnecessary risks. A second result of ours is a set of observations of what makes legitimate content appear dubious to consumers. This is a result with obvious applications to online advertising.
Similar Resources
HumanBoost: Utilization of Users' Past Trust Decision for Identifying Fraudulent Websites
This paper presents HumanBoost, an approach that aims at improving the accuracy of detecting so-called phishing sites by utilizing users’ past trust decisions (PTDs). Web users are generally required to make trust decisions whenever their personal information is requested by a website. We assume that a database of user PTDs would be transformed into a binary vector, representing phishing or not...
Deceit and Deception: A Large User Study of Phishing
This study is a large scale investigation of trust manipulation tactics used by phishing web sites and email messages. The experiment focuses on media authenticity evaluations, rather than content credibility with the assumption that its authors are known. It tests the effect of features ranging from URL plausibility to trust endorsement graphics on a population of 398 subjects. The experiment ...
Password Rescue: A New Approach to Phishing Prevention
A phishing attack exploits both the enormous scale of the web and the fact that users are often enormously confused about what they can trust. Scale allows the phisher to get many responses to his attack, even though the probability of any given user responding is low (it costs the phisher no more to send a million emails than to send one). The enormous confusion about trust allows the phisher ...
Chapter 5 Anti-Phishing Phil: A Case Study in User Education
Phishing is a kind of attack in which criminals use spoofed emails and fraudulent web sites to trick people into giving up personal information. Victims perceive these emails as associated with a trusted brand, while in reality they are the work of con artists interested in identity theft [57]. These increasingly sophisticated attacks not only spoof email and web sites, but they can also spoof ...
Countermeasures: Social Networks
Phishing is a new category of crime enabled by the lack of verifiable identity information or reliable trust indicators on the web. A phishing attack works when it convinces a person to place trust in a criminally untrustworthy party by masquerading as a trusted party. Better indicators about which parties are trustworthy can enable end us...
Publication date: 2007