Analysis of publicly available anti-phishing webpages: contradicting information, lack of concrete advice and very narrow attack vector

Mattia Mossano, Kami Vaniea, Lukas Aldag, Reyhan Duzgun, Peter Mayer, Melanie Volkamer

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

Phishing is currently one of the biggest threats in cybersecurity for both the business and the private contexts. A large percentage of phishing attacks are blocked by automated technical solutions, but unfortunately there is often a delay between when phishing emails enter inboxes and when the technical solutions are able to detect and filter them out. To close this gap, it is common practice for companies to implement mandatory phishing awareness measures for their employees. But what about the private context? We aimed at answering that question by analysing 94 anti-phishing webpages from eight different countries and four organisation types. Our analysis revealed not only contradicting recommendations, but also that most of them are rather abstract (e.g. check the URL before clicking on the link without telling what to look for) and lack guidance on advanced phishing techniques (e.g. clone phishing). We discuss the problems faced by readers of these webpages and outline both immediate recommendations to the web designer and ways forward to improve the current situation as future work.
Original language: English
Title of host publication: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 130-139
Number of pages: 10
ISBN (Electronic): 978-1-7281-8597-2
ISBN (Print): 978-1-7281-8598-9
Publication status: Published - 22 Oct 2020
Event: 5th European Workshop on Usable Security - Virtual workshop, Italy
Duration: 7 Sep 2020 to 7 Sep 2020
https://eusec20.cs.uchicago.edu/

Workshop

Workshop: 5th European Workshop on Usable Security
Abbreviated title: EuroUSEC 2020
Country/Territory: Italy
City: Virtual workshop
Period: 7/09/20 to 7/09/20

Keywords

  • phishing
  • user awareness
  • anti-phishing recommendations
  • anti-phishing material
