IT professionals have no simple tool to create phishing websites and raise the awareness of users. We developed a prototype that can dynamically mimic websites by using enriched screenshots, which requires no additional programming experience and is simple to set up. The generated websites are functional and remain up-to-date. We found that 98% of the hyperlinks in mimicked websites are functional with our tool, compared to 43% with the best competitor, and only two participants suspected phishing attempts at the time they were performing tasks with our prototype. This work intends to raise awareness for phishing attempts especially with local websites by providing an easy to use prototype to set up such phishing sites.
翻译:信息技术专业人员没有简单的工具来创建网上钓鱼网站,提高用户的认识。 我们开发了一个能够通过使用更丰富的截图来动态模仿网站的原型,这种原型不需要额外的编程经验,而且很容易建立。 所生成的网站功能正常,并且随时更新。 我们发现,模拟网站98%的超链接都使用我们的工具,而最佳竞争者只有43%,只有两名参与者怀疑他们执行原型任务时曾尝试网上钓鱼。 这项工作的目的是通过提供易于使用原型来建立这样的网络,提高人们对于特别是本地网站的网上钓鱼尝试的认识。