Web Wallet: Preventing Phishing Attacks by Revealing User Intentions

  • Wu M
  • Miller R
  • Little G
  • 73

    Readers

    Mendeley users who have this article in their library.
  • 62

    Citations

    Citations of this article.

Abstract

We introduce a new anti-phishing solution, the Web Wallet. The Web Wallet is a browser sidebar which users can use to submit their sensitive information online. It detects phishing attacks by determining where users intend to submit their information and suggests an alternative safe path to their intended site if the current site does not match it. It integrates security questions into the user's workflow so that its protection cannot be ignored by the user. We conducted a user study on the Web Wallet prototype and found that the Web Wallet is a promising approach. In the study, it significantly decreased the spoof rate of typical phishing attacks from 63% to 7%, and it effectively prevented all phishing attacks as long as it was used. A majority of the subjects successfully learned to depend on the Web Wallet to submit their login information. However, the study also found that spoofing the Web Wallet interface itself was an effective attack. Moreover, it was not easy to completely stop all subjects from typing sensitive information directly into web forms.

Author-supplied keywords

  • D46 Security and Protection General Terms Security
  • Design
  • E-Commerce
  • H12 User/Machine Systems
  • Human Factors
  • User Interface Design
  • User Study

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

Authors

  • Min Wu

  • Robert C Miller

  • Greg Little

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free