
Analysis of publicly available anti-phishing webpages: contradicting information, lack of concrete advice and very narrow attack vector

Mossano, Mattia; Vaniea, Kami; Aldag, Lukas; Düzgün, Reyhan; Mayer, Peter; Volkamer, Melanie

Abstract:

Phishing is currently one of the biggest threats in cybersecurity for both the business and the private contexts. A large percentage of phishing attacks are blocked by automated technical solutions, but unfortunately there is often a delay between when phishing emails enter inboxes and when the technical solutions are able to detect and filter them out. To close this gap, it is common practice for companies to implement mandatory phishing awareness measures for their employees. But what about the private context? We aimed at answering that question by analysing 94 anti-phishing webpages from eight different countries and four organisation types. Our analysis revealed not only contradicting recommendations, but also that most of them are rather abstract (e.g. check the URL before clicking on the link without telling what to look for) and lack guidance on advanced phishing techniques (e.g. clone phishing). We discuss the problems faced by readers of these webpages and outline both immediate recommendations to the web designer and ways forward to improve the current situation as future work.


Postprint
DOI: 10.5445/IR/1000123700
Published on 01.01.2022
Original publication
DOI: 10.1109/EuroSPW51379.2020.00026
Scopus
Citations: 13
Dimensions
Citations: 8
Affiliated institution(s) at KIT: Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publication type: Proceedings paper
Publication year: 2020
Language: English
Identifier: ISBN: 978-1-7281-8597-2
KITopen-ID: 1000123700
Further HGF programmes: 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Published in: IEEE European Symposium on Security and Privacy 2020, (EuroS&PW) - The 5th European Workshop on Usable Security, September 7, 2020, Online (originally: June 15, 2020, Genova, Italy)
Event: 5th European Workshop on Usable Security (EuroUSEC 2020), Online, 07.09.2020
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 130-139
Series: IEEE European Symposium on Security and Privacy Workshops
Keywords: phishing, user awareness, anti-phishing recommendations, anti-phishing material
Indexed in: Scopus, Dimensions