Analysis of publicly available anti-phishing webpages: contradicting information, lack of concrete advice and very narrow attack vector

Mossano, Mattia; Vaniea, Kami; Aldag, Lukas; Düzgün, Reyhan; Mayer, Peter; Volkamer, Melanie

Abstract:
Phishing is currently one of the biggest threats in cybersecurity for both the business and the private contexts. A large percentage of phishing attacks are blocked by automated technical solutions, but unfortunately there is often a delay between when phishing emails enter inboxes and when the technical solutions are able to detect and filter them out. To close this gap, it is common practice for companies to implement mandatory phishing awareness measures for their employees. But what about the private context? We aimed at answering that question by analysing 94 anti-phishing webpages from eight different countries and four organisation types. Our analysis revealed not only contradicting recommendations, but also that most of them are rather abstract (e.g. check the URL before clicking on the link without telling what to look for) and lack guidance on advanced phishing techniques (e.g. clone phishing). We discuss the problems faced by readers of these webpages and outline both immediate recommendations to the web designer and ways forward to improve the current situation as future work.


Postprint
DOI: 10.5445/IR/1000123700
Freely accessible from 01.01.2022
Original publication
DOI: 10.1109/EuroS&PW51379.2020.00025
Affiliated institution(s) at KIT: Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB); Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publication type: Proceedings paper
Publication year: 2020
Language: English
Identifier: ISBN: 978-1-7281-8597-2
KITopen-ID: 1000123700
Published in: IEEE European Symposium on Security and Privacy 2020, (EuroS&PW) - 5th European Workshop on Usable Security (EuroUSEC), 7-11, 2020
Publisher: IEEE, Piscataway (NJ)
Pages: 130-139
Keywords: phishing, user awareness, anti-phishing recommendations, anti-phishing material