Tony Zhaocheng Tan, Anisha Bandhari - Phish or Fish
From Katie Gentilello
Phishing is the first step for many high-profile breaches, such as the Democratic National Convention hack of 2016. The current "solution" to phishing is basically user training: educate users to hover over links in emails, look for strange domain names, choose HTTP instead of HTTPS, watch for grammatical errors, etc. Yet when this proves ineffective, we blame the user. In this work, we propose to improve the usability and user experience of such self-defense against phishing. Instead of asking users to "remember" to follow the rules, when a user clicks on a link in an email, we automatically present them with a proxy page that displays succinct and necessary information to help them make the right decision. Furthermore, to avoid the common fatigue that comes with security-related user interfaces (UI), we only ask the user to make a decision for links targeting unpopular sites. Research by Tony Zhaocheng Tan, with Anisha Bandihari and Simon Chung.
https://mediaspace.gatech.edu/media/cyberdd18_phish.mpg/1_wmqmwqm0
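
The decision described in the abstract (show a proxy page only when a clicked link targets an unpopular site, and fill it with a few facts about the destination) can be sketched as follows. This is an added example, not the researchers' implementation; the popularity set, the field names and the two-label domain heuristic are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for a site-popularity ranking (assumption: the page
# does not say which ranking or cut-off the researchers use).
POPULAR_SITES = {"gatech.edu", "github.com", "google.com"}


def registrable_domain(host):
    """Last two labels of a host name. Assumption: good enough for this
    sample; a deployment would consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def review_link(href, link_text=""):
    """Return whether a clicked link needs the proxy page, plus the facts
    that page would show (hypothetical field names)."""
    parts = urlsplit(href)
    host = parts.hostname or ""  # host after any "user@" part, without port
    domain = registrable_domain(host)
    facts = {
        "destination_host": host,
        "registrable_domain": domain,
        "uses_https": parts.scheme == "https",
        "has_embedded_credentials": parts.username is not None,
        "is_punycode": any(p.startswith("xn--") for p in host.split(".")),
        "text_mismatch": False,
    }
    # If the visible link text itself looks like a URL or host name, compare
    # the site it names with the site the link really opens.
    shown = link_text.strip()
    if "." in shown and " " not in shown:
        shown_url = shown if "://" in shown else "//" + shown
        shown_host = urlsplit(shown_url).hostname or ""
        facts["text_mismatch"] = registrable_domain(shown_host) != domain
    # Only links to sites outside the popular set interrupt the user.
    return {"show_proxy_page": domain not in POPULAR_SITES, "facts": facts}


if __name__ == "__main__":
    # Constructed sample links, not taken from real mail.
    samples = [
        ("https://www.gatech.edu/news", "Campus news"),
        ("http://accounts.google.com@login-verify.example/signin",
         "accounts.google.com"),
    ]
    for href, text in samples:
        print(href, review_link(href, text))
```

The second sample shows why the check works on the parsed host rather than the raw string: the text before `@` is userinfo, so the link opens `login-verify.example` even though it starts with a familiar name.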