I don't need an expert! making url phishing features human comprehensible

Abstract

Judging the safety of a URL is something that even security experts struggle to do accurately without additional information. In this work, we aim to make experts' tools accessible to non-experts and assist general users in judging the safety of URLs by providing them with a usable report based on the information professionals use. We designed the report by iterating with 8 focus groups made up of end users, HCI experts, and security experts to ensure that the report was usable as well as accurately interpreted the information. We also conducted an online evaluation with 153 participants to compare di?erent report-length options. We ?nd that the longer comprehensive report allows users to accurately judge URL safety (93% accurate) and that summaries still provide bene?t (83% accurate) compared to domain highlighting (65% accurate).