Spot the phish by checking the pruned URL

Melanie Volkamer, Karen Renaud*, Paul Gerber

*Corresponding author for this work

Research output: Contribution to journal (Article)

3 Citations (Scopus)

Abstract

Purpose

Phishing is still a very popular and effective security threat, and it takes, on average, more than a day to detect new phish websites. Protection by purely technical means is hampered by this vulnerability window. During this window, users need to act to protect themselves. To support users in doing so, the paper first proposes making users aware of the need to consult the address bar. Moreover, the authors propose pruning the URL displayed in the address bar. The authors report on an evaluation of this proposal.

Design/methodology/approach

The paper opted for an online study with 411 participants, judging 16 websites – all with authentic design: half with legitimate and half with phish URLs. The authors applied four popular, widely used types of URL manipulation techniques. The authors conducted a within-subject and between-subject study with participants randomly assigned to one of two groups (domain highlighting or pruning). The authors then tested both proposals using a repeated-measures multivariate analysis of variance.

Findings

The analysis shows a significant improvement in terms of phish detection after providing the hint to check the address bar. Furthermore, the analysis shows a significant improvement in terms of phish detection after the hint to check the address bar for uninitiated participants in the pruning group, as compared to those in the highlighting group.

Research limitations/implications

Because of the chosen research approach, the research results may lack generalisability. Therefore, researchers are encouraged to test the proposed propositions further.

Practical implications

This paper confirms the efficacy of URL pruning and of prompting users to consult the address bar for phish detection.

Originality/value

This paper introduces a classification for URL manipulation techniques used by phishers. We also provide evidence that drawing people’s attention to the address bar makes them more likely to spot phish websites, but does not impair their ability to identify authentic websites.

Original language: English
Pages (from-to): 372-385
Number of pages: 14
Journal: Information and Computer Security
Volume: 24
Issue number: 4
DOI: 10.1108/ICS-07-2015-0032
Publication status: Published - 1 Jan 2016

Fingerprint

Websites
Web sites
Analysis of variance (ANOVA)
Pruning
Manipulation

Cite this

Volkamer, Melanie ; Renaud, Karen ; Gerber, Paul. / Spot the phish by checking the pruned URL. In: Information and Computer Security. 2016 ; Vol. 24, No. 4. pp. 372-385.
@article{890145527f82473c9d1b1f517e052357,
title = "Spot the phish by checking the pruned URL",
author = "Melanie Volkamer and Karen Renaud and Paul Gerber",
year = "2016",
month = "1",
day = "1",
doi = "10.1108/ICS-07-2015-0032",
language = "English",
volume = "24",
pages = "372--385",
journal = "Information and Computer Security",
issn = "2056-4961",
publisher = "Emerald Group Publishing Ltd.",
number = "4",

}


TY - JOUR

T1 - Spot the phish by checking the pruned URL

AU - Volkamer, Melanie

AU - Renaud, Karen

AU - Gerber, Paul

PY - 2016/1/1

Y1 - 2016/1/1

U2 - 10.1108/ICS-07-2015-0032

DO - 10.1108/ICS-07-2015-0032

M3 - Article

AN - SCOPUS:84992170398

VL - 24

SP - 372

EP - 385

JO - Information and Computer Security

JF - Information and Computer Security

SN - 2056-4961

IS - 4

ER -