Influence of URL Formatting on Users' Phishing URL Detection

Despite technical advances in anti-phishing protection, in many cases the detection of phishing URLs largely depends on users manually inspecting the links found in suspicious emails. One solution proposed to support users in doing so is to use a URL formatting that focuses their attention on critical URL parts, such as domain and top-level-domain (called “who-area”). While this solution has been implemented in several software products (e.g., browsers web address bar), research on its effectiveness with regard to phishing URL detection is currently limited. To investigate the extent to which different kinds of URL formatting support users to detect phishing URLs, we conducted an online study (n = 200) using interactive email screenshots with tooltips showing two previously evaluated URL formatting (called “Who-Area Highlighting” and “Who-Area Only”). A group with unmodified URLs (called “Plain URL”) acted as control. We did not find any significant difference between the URL formatting within our sample, with successful phishing URL detection rates ranging from 71% (for the unmodified URL) to 76% (for showing only the URL who-area). ... mehrAs we designed a study with a “best-case" scenario to detect a medium effect size (Cohen’s r = .30), it is then likely that the URL formatting effect on phishing URL detection would be even smaller in the real world. Still, we found that other factors had a significant effect on users’ phishing URL detection, namely, gender-related factors and forcing users’ attention on the URL for 4-5 seconds. However, these results are only preliminary and need further investigation.