Speaker: Rob Miller, MIT
Title: Web Wallet: Preventing Phishing Attacks by Revealing User Intention
We introduce a new anti-phishing solution, the Web Wallet. The Web Wallet is a browser sidebar that allows users to submit their sensitive information online. It depends on the user's real intention to effectively detect phishing attacks and suggests an alternative safe path to their intended site. It integrates security questions into the user's workflow so that its protection cannot be ignored. We conducted a user study on the Web Wallet prototype and found that the Web Wallet is a promising approach. It significantly decreased the spoof rate of current phishing attacks from 63% to 7%. It also effectively prevented all the phishing attacks as long as it was used. A majority of the subjects were successfully trained to depend on the Web Wallet to submit their login information. However, spoofing the Web Wallet interface itself was an effective attack we found in this study. Moreover, we found in the study that it was not easy to completely stop all the subjects from typing sensitive information directly into web forms.
Rob Miller is an assistant professor in the MIT EECS department and a member of the MIT Computer Science and Artificial Intelligence Laboratory. He earned his Ph.D. in Computer Science from Carnegie Mellon University (2002), and B.S. and M.Eng. degrees in EECS from MIT (1995). His research interests span human-computer interaction, user interfaces, software engineering, and artificial intelligence. His current research focus lies at the intersection of security and user interfaces, with the goal of discovering how to build computer systems that are both safer and easier to use.