Browsers, phishing, and user interface design
Scott Granneman, 2006-06-05

Phishing works for so many reasons that we need to rethink browser and user interface design to provide some real-life security to the average user who doesn't see or understand the security cues.

simple: 2006-06-24
ailaG
simple: users don't listen to anything that has technical language or icons that aren't as clear as possible and as large and central as possible (they won't look at the lock icon because a. there are plenty of meaningless icons there, b. it's too far away from the site itself and c. iirc, IE always shows a lock, sometimes locked, sometimes not. so you're asking your grandpa to notice a 4-pixel difference)

so we just teach them this:
when someone links to a place that asks for personal info, sensitive info such as your bank details, even if they just ask you to log in and ESPECIALLY when they ask for a password, never click their link.
rather, search Google for the site (for example, if you're in bank A and got an email asking to renew your account, open Google and type "bank A". it will most likely be the first result).

it just has to be rephrased so it'll be shorter.

the first step is LESS indicators, not more. it's too tough for simple users to follow that many details.

Copyright 2007, SecurityFocus