On 10/2/2019 9:44 PM, Peter Gutmann via dev-security-policy wrote:
> Ronald Crane via dev-security-policy <[email protected]> writes:
>> Please cite the best study you know about on this topic (BTW, I am *not* snidely
>> implying that there isn't one).
> Sure, gimme a day or two since I'm away at the moment.
> Alternatively, there's been such a vast amount of work done on this that a few
> seconds of googling should find plenty of publications. As the first search
> text that came to mind, "browser ui phishing" returns just under half a million
> hits. Making it "browser ui phishing inurl:.pdf" to get just papers (rather than
> web articles, blog posts, etc) reduces that to 30,000 results.

I guess I wasn't specific enough. I am looking for a good study that
supports the proposition that the Internet community has (1) made a
concerted effort to ensure that there is only one authentic domain per
entity (or, at most, per entity-service, e.g., retail brokerage
services); and (2) has made a concerted effort to educate users to use
only that domain; and (3) that those steps have failed to significantly
reduce the successful phishing rate of the users that steps (1) and (2)
targeted.
-R
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy