In Brief: Phishing attacks against home computer users are on the rise as more people use the Internet to complete electronic transactions. The scheme typically lures victims into entering their personal information on spoofed but legitimate-looking Web sites, or into downloading malicious software that searches their computers for personal information and transmits it to the attackers over the Internet.
The purpose of this literature review, which draws on thirty-two references, is to identify the fundamental design principles that user interface designers and developers who are not trained in the field of usability and security (also known as HCI-Sec) can use to create secure and usable anti-phishing applications.
The review is organized into three sections: 1) How phishing attacks are carried out and why they are successful (see Figure 1); 2) Effective user interface design principles that combat phishing; and 3) Learning principles and techniques that can help create a successful anti-phishing solution.
Developing successful solutions depends on clearly understanding current and future threats. To this end, the review examines current phishing techniques and anticipated risks, including why home computer users fall for phishing attacks. For example, for a phishing attack to succeed, it must reach suitable victims, appear credible, and allow the attacker to disappear undetected. The better educated users are about their information security, however, the more effective the associated anti-phishing solutions become.
The paper goes on to report on important usability issues with Web browsers and current anti-phishing tools, and proposes design principles intended to improve the transparency and visibility of these tools and applications.
Finally, as the paper looks to the future, it notes that most phishing is already conducted from multiple countries and that this trend is expected to spread throughout the world. Further, smaller-scale attacks that leverage partial information about fewer victims, and so achieve higher success rates, are likely to increase.
Figure 1. Information flow of a typical phishing attack.
Research Paper Author: Melinda Geist—2008 AIM Graduate, Intel Corporation
Abstract: As home computer users increasingly depend on the Internet to complete electronic transactions, the need to resolve phishing vulnerabilities in the user interface becomes more urgent (Dhamija & Tygar, 2005a). Selected literature published between 2004 and 2007 is analyzed to provide designers and developers of anti-phishing applications with a set of fundamental user-centered design principles to consider prior to system design and the selection of technology solutions. The significance of anti-phishing user education is also examined.