Authors: Ying Yuan, Qingying Hao, Giovanni Apruzzese, Mauro Conti, Gang Wang

Published on: April 03, 2024

Impact Score: 7.4

Arxiv code: Arxiv:2404.02832

Summary

• What is new: This research uniquely explores how human users perceive adversarial phishing webpages, contrasting with previous studies that mainly focused on the effectiveness of these pages against machine learning-based phishing website detectors (ML-PWD).
• Why this is important: Phishing attacks continue to evolve, with adversarial phishing webpages designed specifically to bypass ML-based detectors. The effectiveness of such webpages on the actual targets – the end users – has not been thoroughly investigated.
• What the research proposes: The study conducted two user studies with 470 participants to evaluate the perception of both synthetic and real adversarial phishing webpages, which were designed to evade state-of-the-art ML-PWDs.
• Results: Most adversarial phishing webpages are just as effective at deceiving users as traditional phishing pages. However, certain types of perturbations, like added typos, are more likely to be noticed by users. Additionally, users who frequently visit a brand’s website are more likely to be overconfident and thus less accurate in detecting phishing attempts.

Technical Details

Technological frameworks used: nan

Models used: State-of-the-art machine learning-based phishing website detectors (ML-PWD)

Data used: Synthetically crafted adversarial phishing webpages and real adversarial phishing webpages from the wild web

Potential Impact

Cybersecurity firms and businesses that rely on online transactions could benefit from these insights by refining their anti-phishing solutions and user education programs.

Want to implement this idea in a business?

We have generated a startup concept here: PhishGuardAI.