Das Paper "Phishing Attack Recognition by End-Users: Concepts for URL Visualization and Implementation" von Vivian Erbenich, Daniel Träder, Andreas Heinemann und Meltem Nural wurde auf der HAISA 2019 akzeptiert. Die Konferenz findet vom 15. - 17.07.2019 in Nicosia, Zypern statt. Herzlichen Glückwunsch!
Abstract
Social engineering, through means of phishing, is a very popular entry point for a targeted attack in order to obtain further data on a company or private individual, e.g. by injecting malware on the victim’s machine. A phishing attack that leads to a malicious website can usually be identified by the HTTP link with expert knowledge. However, only very few users pay attention to the link or have the necessary knowledge to recognize a threat as such. This work addresses the question of how current link visualization could be improved so that a user can better identify whether the link points to a phishing site or a legitimate site. Additionally, we also address the question of how our proposed link concepts can be put into practice. As an improvement, the outer shape of a link will be adapted by content-based formatting, trimming and other features. The user will thus be able to interactively explore a URL and its components in order to gain a better decision. As a next step, we plan to evaluate our concepts in a controlled lab environment with few test persons as well as by a large-scale online user-study.