Speaker: Rob Miller, MIT
Title: Web Wallet: Preventing Phishing Attacks by Revealing User Intention
Abstract:
We introduce a new anti-phishing solution, the Web Wallet. The
Web Wallet is a browser sidebar that allows users to submit their
sensitive information online. It depends on the user's real intention to
effectively detect phishing attacks and suggests an alternative safe
path to their intended site. It integrates security questions into the
user's workflow so that its protection cannot be ignored. We conducted a
user study on the Web Wallet prototype and found that the Web Wallet is
a promising approach. It significantly decreased the spoof rate of
current phishing attacks from 63% to 7%. It also effectively prevented
all the phishing attacks as long as it was used. A majority of the
subjects were successfully trained to depend on the Web Wallet to submit
their login information. However, spoofing the Web Wallet interface
itself was an effective attack we found in this study. Moreover, we
found in the study that it was not easy to completely stop all the
subjects from typing sensitive information directly into web forms.
Biography:
Rob Miller is an assistant professor in the MIT EECS department and a
member of the MIT Computer Science and Artificial Intelligence
Laboratory. He earned his Ph.D. in Computer Science from Carnegie Mellon
University (2002), and B.S. and M.Eng. degrees in EECS from MIT (1995).
His research interests span human-computer interaction, user interfaces,
software engineering, and artificial intelligence. His current research
focus lies at the intersection of security and user interfaces, with the
goal of discovering how to build computer systems that are both safer
and easier to use.