Paper Info
Title
Measuring Identity Confusion with Uniform Resource Locators
Abstract
Uniform Resource Locators (URLs) unambiguously specify host identity on the web. URLs are syntactically complex, and although software can accurately parse identity from URLs, users are frequently exposed to URLs and expected to do the same. Unfortunately, incorrect assessment of identity from a URL can expose users to attacks, such as typosquatting and phishing. Our work studies how well users can correctly determine the host identity of real URLs from common services and obfuscated "look-alike" URLs. We observe that participants employ a wide range of URL parsing strategies, and can identify real URLs 93% of time. However, only 40% of obfuscated URLs were identified correctly. These mistakes highlighted several ways in which URLs were confusing to users and why their existing URL parsing strategies fall short. We conclude with future research directions for reliably conveying website identity to users.
Year
DOI
Venue
2020
10.1145/3313831.3376298
CHI '20: CHI Conference on Human Factors in Computing Systems Honolulu HI USA April, 2020
DocType
ISBN
Citations 
Conference
978-1-4503-6708-0
0
PageRank 
References 
Authors
0.34
0
9
Name
Order
Citations
PageRank
Joshua J. Reynolds161.95
Deepak Kumar29634.18
Zane Ma3805.51
Rohan Subramanian400.34
Meishan Wu500.34
Martin Shelton6162.55
Joshua Mason71089.79
Emily Stark800.68
Michael Bailey9364.47