Easier in Reverse: Simplifying URL Reading for Phishing URLs via Reverse Domain Name Notation.

ARES(2023)

Abstract
Phishing attacks are a persistent problem for users and organizations world-wide, resulting in monetary loss and providing a first step in more complex attacks. To improve the anti-phishing defensive efforts, this paper offers two main contributions: First, we present a novel categorization of phishing URLs with the goal of capturing the URL reading capabilities of untrained users and evaluate it in a user study. We find that phishing URLs which are similar to the target URL when read from the left were the most complicated to classify in our study. Second, based on these results, we evaluate Reverse Domain Name (RDN) notation as an alternative URL notation where attacker-controlled information no longer makes up the left-most part of the URL. We evaluate the effect of using RDN notation in a second user study, and show that accuracies indeed improved for the relevant URL categories, and that users were significantly faster in their decisions compared to normal URL notation. Our results extend previous work aiming to understand users’ URL reading, provide recommendations when designing user studies including URL classification tests, and motivate further research into the potential advantages of RDN notation in practice.