2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) 2019
DOI: 10.1109/eurospw.2019.00027
|View full text |Cite
|
Sign up to set email alerts
|

A Review of Human- and Computer-Facing URL Phishing Features

Abstract: When detecting phishing websites, both humans and computers rely on aspects of the website (features) to aid in their decision making. In this work, we conduct a review of URL-based phishing features that appear in publications targeting humanfacing and automated anti-phishing approaches. We focus on both humans and computers to obtain a more comprehensive feature list and create a cross-community foundation for future research. We reviewed 94 papers and categorise their features into: lexical, host, rank, red… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
19
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
5
3

Relationship

3
5

Authors

Journals

citations
Cited by 33 publications
(19 citation statements)
references
References 98 publications
(283 reference statements)
0
19
0
Order By: Relevance
“…In future work we would be interested to see how consistent the results are with participant-owned equipment in their own homes as the increased adoption of new technologies means that many households will likely have access to VR in the near future [22], but we were concerned that doing so here might add unnecessary variance. We used in-VR questionnaires to ensure a consistent VR experience and not break participants' focus [5,81], doing so also makes the methodology more applicable to potential future studies running fully remotely. The recruitment of the usability study considered the same user profiles as the original real-world study [52], i.e., users with normal/corrected-to-normal vision and no prior experience with cue-based authentication.…”
Section: Overview Of Studiesmentioning
confidence: 99%
“…In future work we would be interested to see how consistent the results are with participant-owned equipment in their own homes as the increased adoption of new technologies means that many households will likely have access to VR in the near future [22], but we were concerned that doing so here might add unnecessary variance. We used in-VR questionnaires to ensure a consistent VR experience and not break participants' focus [5,81], doing so also makes the methodology more applicable to potential future studies running fully remotely. The recruitment of the usability study considered the same user profiles as the original real-world study [52], i.e., users with normal/corrected-to-normal vision and no prior experience with cue-based authentication.…”
Section: Overview Of Studiesmentioning
confidence: 99%
“…One of the most effective methods of determining if an e-mail is legitimate or not is looking at the embedded links and comparing the domain of the URLs to the one expected from the organisation supposedly sending the email [5]. Unfortunately, users are currently not very skilled at doing such comparisons unaided [3], [5], [31], [56]. These results might be not too surprising, as information on how to check for the destination of a link before clicking it or how to check the domain of a webpage before entering sensitive data was missing completely from almost all of the analysed webpages.…”
Section: Discussionmentioning
confidence: 99%
“…To do so, we started with a grid-based report structure inspired by the Privacy Nutrition Labels work by Kelly et al [38]. The grid presents the user with information about the URL, drawn from existing research on the URL features that are likely to be the most useful to humans [5], and is annotated with explanations aimed at helping users interpret the information. We then iterated on its design with the assistance of 8 focus groups consisting of end users, security experts, and design experts to simplify the interface and improve the explanation of features.…”
Section: Take Down Policymentioning
confidence: 99%
“…In a review of URL phishing features used by humans and by automated systems, Althobaiti et al [5] observed that the domain part of the URL is the most used feature in human-based detection because they can compare it against their expectations. It is less useful for computers because the computer has to guess if the URL matches the content of the communication.…”
Section: Deciding If a Url Goes Where The User Thinks It Goesmentioning
confidence: 99%
See 1 more Smart Citation