Breaking out of the browser to defend against phishing attacks

Abstract

Current approaches to phishing prevention are focused on the web browser and the user’s interaction with it. We present a new approach to allowing users to interact reliably and securely with high-value and sensitive web sites, using protected links — a customizable set of secure bookmarks, separate from their standard web browser. By digitally signing and whitelisting protected links, we ensure users end up with an intuitive interface for accessing the sites they intend. We have implemented a prototype protected links system, and evaluated its usability with a small study of potential users with positive results.