Usability evaluation of anti-phishing toolbars

  • Eicar 2007 Best Academic Papers
Journal in Computer Virology

Abstract

Phishing is considered one of the most serious threats to the Internet and e-commerce. Phishing attacks abuse trust with the help of deceptive e-mails, fraudulent web sites and malware. To prevent phishing attacks, some organizations have implemented Internet browser toolbars for identifying deceptive activities. However, the level of usability and the user interfaces vary. Some of the toolbars have obvious usability problems, which can ultimately affect their performance. For the sake of future improvement, usability evaluation is indispensable. We will discuss the usability of five typical anti-phishing toolbars: the built-in phishing prevention in Internet Explorer 7.0, Google toolbar, Netcraft Anti-phishing toolbar and SpoofGuard. In addition, we included an Internet Explorer plug-in we have developed, Anti-phishing IEPlug. Our hypothesis was that the usability of anti-phishing toolbars, and as a consequence also the security of the toolbars, could be improved. Indeed, the heuristic usability evaluation found a number of usability issues. In this article, we will describe the anti-phishing toolbars, discuss our approach to evaluating their usability and present our findings. Finally, we will offer advice for improving the usability of anti-phishing toolbars, covering three key components of anti-phishing client-side applications (main user interface, critical warnings and the help system). For example, we found that in the main user interface it is important to keep the user informed and to organize settings according to proper usability design. In addition, all the critical warnings an anti-phishing toolbar shows should be well designed. Furthermore, we found that the help system should be built to help users learn about phishing prevention as well as how to identify fraud attempts by themselves. One result of our research is also a classification of anti-phishing toolbar applications.

Author information

Correspondence to Marko Helenius.

Additional information

Linfeng Li is a student at the University of Tampere, Finland. Marko Helenius is Assistant Professor at the Department of Computer Sciences, University of Tampere, Finland.

About this article

Cite this article

Li, L., Helenius, M. Usability evaluation of anti-phishing toolbars. J Comput Virol 3, 163–184 (2007). https://doi.org/10.1007/s11416-007-0050-4

  • DOI: https://doi.org/10.1007/s11416-007-0050-4
