Computing Reviews
Smartening the crowds: computational techniques for improving human verification to fight phishing scams
Liu G., Xiang G., Pendleton B., Hong J., Liu W. SOUPS 2011 (Proceedings of the 7th Symposium on Usable Privacy and Security, Pittsburgh, PA, Jul 20-22, 2011) 1-13. 2011. Type: Proceedings
Date Reviewed: Feb 9 2012

A good phishing site should resemble the target site as much as possible, and it should hide the differences with the target site, at least to the unsuspecting user. This paper leverages this observation to cluster similar suspected phishing sites. Then, instead of crowd-sourcing the verification of a single suspected phishing site, a whole cluster can be verified at once. This is reported to improve both the timeliness and the accuracy of the results on the basis of an experiment with 239 participants. Unfortunately, the control group and the experimental group had a large overlap (174 participants). The authors argue that this does not invalidate the results because of minimal learning effects, but they have no evidence for this.

I believe that the main contribution of the paper is putting forward the idea of clustering similar suspected phishing sites. The paper shows that such clusters abound and that standard techniques (for example, shingling) are effective in discovering those clusters. This suggests important further research not identified in the paper: Is it possible to distinguish suspected phishing sites from genuine sites simply by searching for look-alikes? It would be prudent to keep humans in the loop to avoid liability issues surrounding false positives, and it would be wise to consider the countermeasures that phishers would use to defeat automatic look-alike detection.

Reviewer: Pieter Hartel
Review #: CR139837 (1207-0712)
Security and Protection (D.4.6)
Electronic Commerce (K.4.4)
User Interfaces (H.5.2)
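
The clustering idea discussed in the review can be sketched with shingling as follows. This is an added example, not code from the paper or the reviewer: the word-level 3-shingles, Jaccard similarity, 0.5 threshold, single-link merging, and the four sample pages are all assumptions constructed for illustration.

```python
import re
from itertools import combinations

def shingles(text, k=3):
    """Set of k-word shingles (overlapping word k-grams) of a page's text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Jaccard similarity of two shingle sets; empty pages match nothing."""
    return len(a & b) / len(a | b) if (a and b) else 0.0

def cluster(pages, k=3, threshold=0.5):
    """Single-link clusters: merge pages whose similarity >= threshold."""
    sets = {url: shingles(text, k) for url, text in pages.items()}
    parent = {url: url for url in pages}

    def find(u):  # union-find root lookup with path halving
        while parent[u] != u:
            parent[u] = parent[parent[u]]
            u = parent[u]
        return u

    for u, v in combinations(pages, 2):
        if jaccard(sets[u], sets[v]) >= threshold:
            parent[find(u)] = find(v)
    groups = {}
    for url in pages:
        groups.setdefault(find(url), []).append(url)
    return sorted(sorted(g) for g in groups.values())

# Constructed sample input: visible text of four reported URLs (not real sites).
BASE = ("Welcome to Example Bank online banking please sign in "
        "with your user id and password to continue")
PAGES = {
    "http://login-a.example.test/": BASE,
    "http://login-b.example.test/": BASE.replace("continue", "proceed"),
    "http://login-c.example.test/": BASE.replace("online", "secure"),
    "http://news.example.test/": "Weekly gardening newsletter tips for growing "
                                 "tomatoes and herbs on a small balcony",
}

if __name__ == "__main__":
    for group in cluster(PAGES):
        print(len(group), "page(s), one human verdict:", group)
```

The three login variants fall into one cluster that a human verifier can judge once, while the unrelated page stays on its own; a pairwise comparison like this is quadratic in the number of reports, so a large feed would need an index such as MinHash in front of it.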