A Usability Study on the Net Trust Anti-Fraud Toolbar

The Net Trust toolbar embeds social context in Internet browsing by analyzing peer web-histories and opinions over user-selected social networks. The reputation metric bundles these socially relevant ratings with user-chosen external red/green lists to signal trust in browsing sessions. This usability study applies the think-aloud methodology to qualitatively assess how effectively Net Trust expresses ratings and how easily participants can customize their social networks and third-party ratings. The growth of phishing, a short-term scam that recruits victims via email to fraudulent web sites masquerading as legitimate institutions whereupon many visitors will disclose sensitive information (passwords, account IDs, etc.), is well documented by the Anti-PhishingWorking Group [1], Symantec [12], and others. Net Trust attacks the more general problem of identifying untrustworthy web sites, however phishing’s short-term nature [9] prevents such fraudulent servers from gaining the reputation accorded to legitimate institutions. Since web browsers are the point of entry to spoofed web sites, anti-phishing toolbars which dynamically rate content have become prevalent [3, 4, 8, 10, 11]. Some toolbars detect phishing by analyzing real-time information such as links, images, SSL certificates and other document features, while others depend upon centralized databases of known fraudulent and legitimate web sites; all of these solutions suffer from high false-positive rates, high false-negative rates, or both [2]. In contrast, Net Trust detects fraud by distilling aggregate data from the browsing histories of self-chosen peers and external third-party ratings (e.g., the FDIC, BBB, etc.). For example, suppose a Net Trust user, Alice, conducts online banking at the domain mylocalbank.com. Her regular visits will improve the web site score. Some of Alice’s friends, who share geographic similarity, are online clients of the same local bank. Since Net Trust displays the mean of positive ratings, mylocalbank.com will be highly rated. If a phishing message should direct her to a fraudulent web