ABSTRACT
In spite of the myriad of solutions proposed by industry and the research
community to address the phishing problem, the number of phishing attacks
continues to grow at a remarkable rate. This alarming trend suggests that
the research community must develop new approaches to preventing phishing
attacks.
In this presentation, I will describe iTrustPage, an anti-phishing tool
that relies on user input and external repositories of information to
prevent users from filling out phishing Web forms. When encountering a
suspicious Web form, iTrustPage asks the user to describe the site they
intend to access, as if they are entering search terms to a search engine.
If the form is found in the top search results, the form is validated, and
the user can proceed to fill it out. Otherwise, the user is presented with
visual previews of the top search results: these are well-known sites
matching the user-supplied search terms. Users can either choose one of
these trustworthy sites or refine their search terms.
We present a three-pronged evaluation of iTrustPage, investigating its
performance, effectiveness, and ease of use. For this, we use previously
collected traces of Web traffic, data collected from our real deployment
of iTrustPage, and data collected from a controlled usability study of our
tool. Our evaluation shows that iTrustPage is effective and easy to use.
This is joint work with Troy Ronda (University of Toronto) and Alec Wolman
(Microsoft Research).
BIOGRAPHY
Stefan joined the Computer Science department at the University of Toronto in 2005
after a brief hiatus at Amazon.com. Stefan received his Ph.D. in 2004 from
the University of Washington where he worked with Steve Gribble and Hank
Levy. Stefan's research interests span the range from operating systems to
networking and distributed systems.