TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

  • Melanie VolkamerEmail author
  • Karen Renaud
  • Benjamin Reinheimer
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 471)


We propose a concept called TORPEDO to improve phish detection by providing just-in-time and just-in-place trustworthy tooltips to help people judge links embedded in emails. TORPEDO’s tooltips contain the actual URL with the domain highlighted and delay link activation for a short period, giving the person time to inspect the URL before they click. Furthermore, TORPEDO consists of an information diagram to explain phish detection. We evaluated TORPEDO in particular with respect to its effectiveness: Compared to the worst case ‘status bar’. as used in Thunderbird and Web email clients. TORPEDO performed significantly better in detecting phishes and identifying legitimate emails (85.17 % versus 43.31 % correct answers for phish). A proof of concept implementation is available as a Thunderbird Add-On.


Teachable Moment Authentic Email Email Client Legitimate Email Embed Link 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was developed within the project ‘KMU AWARE’ which is funded by the German Federal Ministry for Economic Affairs and Energy under grant no. BMWi-VIA5-090168623-01-1/2015. The authors assume responsibility for the content.


  1. 1.
    Alnajim, A., Munro, M.: An anti-phishing approach that uses training intervention for phishing websites detection. In: 6th International Conference on Information Technology: New Generations, pp. 405–410. IEEE (2009)Google Scholar
  2. 2.
    APWG Internet Policy Committee: Global Phishing Survey: Trends and Domain Name Use in 2H2013 (2013). Accessed 13 March 2016
  3. 3.
    Bar-Yossef, Z., Keidar, I., Schonfeld, U.: Do not crawl in the DUST: different URLs with similar text. TWEB 3(1), 1–31 (2009). ACMCrossRefGoogle Scholar
  4. 4.
    Blythe, M., Petrie, H., Clark, J.A.: F for fake: four studies on how we fall for phish. In: CHI, pp. 3469–3478. ACM (2011)Google Scholar
  5. 5.
    Canova, G., Volkamer, M., Bergmann, C., Borza, R.: NoPhish: an anti-phishing education app. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 188–192. Springer, Heidelberg (2014)Google Scholar
  6. 6.
    Canova, G., Volkamer, M., Bergmann, C., Borza, R.: Learn to spot phishing URLs with the android nophish app. In: Bishop, M., Miloslavskaya, N., Theocharidou, M. (eds.) Information Security Education Across the Curriculum. IFIP Advances in Information and Communication Technology, vol. 453, pp. 87–100. Springer, Heidelberg (2015)Google Scholar
  7. 7.
    Canova, G., Volkamer, M., Bergmann, C., Reinheimer, B.: NoPhish app evaluation: lab and retention study. In: USEC. Internet Society (2015)Google Scholar
  8. 8.
    Cialdini, R.B., Cacioppo, J.T., Bassett, R., Miller, J.A.: Low-ball procedure for producing compliance: commitment then cost. J. Pers. Soc. Psychol. 36(5), 463 (1978). APACrossRefGoogle Scholar
  9. 9.
    Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: CHI, pp. 581–590. ACM (2006)Google Scholar
  10. 10.
    Dodge, R.C., Carver, C., Ferguson, A.J.: Phishing for user security awareness. Comput. Secur. 26(1), 73–80 (2007). ElsevierCrossRefGoogle Scholar
  11. 11.
    Erkkilä, J.-P.: Why we fall for phishing. In: Conference on Human Factors in Computer Systems. ACM (2011)Google Scholar
  12. 12.
    Fette, I., Sadeh, N., Tomasic, A.: Learning to detect phishing emails. In: 16th International Conference on World Wide Web, pp. 649–656. ACM (2007)Google Scholar
  13. 13.
    Frauenstein, E.D., von Solms, R.: Phishing: how an organization can protect itself. In: Information Security South Africa Conference, pp. 253–268. Information Security South Africa (2009)Google Scholar
  14. 14.
    Friedman, B., Hurley, D., Howe, D.C., Felten, E., Nissenbaum, H.: Users’ conceptions of web security: a comparative study. In: CHI, pp. 746–747. ACM (2002)Google Scholar
  15. 15.
    Garera, S., Provos, N., Chew, M., Rubin, A.D.: A framework for detection and measurement of phishing attacks. In: Recurring Malcode, pp. 1–8. ACM (2007)Google Scholar
  16. 16.
    Jagatic, T.N., Johnson, N.A., Jakobsson, M., Menczer, F.: Social phishing. Commun. ACM 50(10), 94–100 (2007). ACMCrossRefGoogle Scholar
  17. 17.
    Jakobsson, M., Tsow, A., Shah, A., Blevis, E., Lim, Y.: What instills trust? a qualitative study of phishing. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 356–361. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Jansson, K., von Solms, R.: Simulating malicious emails to educate end users on-demand. In: 3rd Symposium on Web Society, pp. 74–80. IEEE (2011)Google Scholar
  19. 19.
    Khonji, M., Iraqi, Y., Jones, A.: Phishing detection: a literature survey. Commun. Surv. Tutorials IEEE 15(4), 2091–2121 (2013). IEEECrossRefGoogle Scholar
  20. 20.
    Kirlappos, I., Sasse, M.A., Education, S.: Against phishing: a modest proposal for a major rethink. Secur. Priv. 10(2), 24–32 (2012). IEEECrossRefGoogle Scholar
  21. 21.
    Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L.F., Hong, J., Nunge, E.: Protecting people from phishing: the design and evaluation of an embedded training email system. In: CHI, pp. 905–914. ACM (2007)Google Scholar
  22. 22.
    Kumaraguru, P., Rhee, Y., Sheng, S., Hasan, S., Acquisti, A., Cranor, L.-F., Hong, J.: Getting users to pay attention to anti-phishing education: evaluation of retention and transfer. In: Anti-phishing WG, pp. 70–81. ACM (2007)Google Scholar
  23. 23.
    Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L.F., Hong, J.: Teaching Johnny to fall for phish. Trans. Internet Technol. 10(2), 1–7 (2010). ACMCrossRefGoogle Scholar
  24. 24.
    Li, L., Helenius, M.: Usability evaluation of anti-phishing toolbars. J. Comput. Virol. 3(2), 163–184 (2007). SpringerCrossRefGoogle Scholar
  25. 25.
    Lin, E., Greenberg, S., Trotter, E., Ma, D., Aycock, J.: Does domain highlighting help people identify phishing sites? In: CHI, pp. 2075–2084. ACM (2011)Google Scholar
  26. 26.
    Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Beyond blacklists learning to detect malicious web sites from suspicious URLs. In: 15th SIGKDD, pp. 1245–1254. ACM (2009)Google Scholar
  27. 27.
    Marchal, S., François, J., State, R., Engel, T.: Proactive discovery of phishing related domain names. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol. 7462, pp. 190–209. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  28. 28.
    Maurer, M.-E., Herzner, D.: Using visual website similarity for phishing detection and reporting. In: CHI, pp. 1625–1630. ACM (2012)Google Scholar
  29. 29.
    Maurer, M.-E., Luca, A.D., Kempe, S.: Using data type based security alert dialogs to raise online security awareness. In: SOUPS, p. 2. ACM (2011)Google Scholar
  30. 30.
    Naidoo, R.: Analysing urgency and trust cues exploited in phishing scam designs. In: 10th International Conference on Cyber Warfare and Security, p. 216. Academic Conferences Limited (2015)Google Scholar
  31. 31.
    Prakash, P., Kumar, M., Kompella, R.R., Gupta, M.: PhishNet: predictive blacklisting to detect phishing attacks. In: INFOCOM, pp. 1–5. IEEE (2010)Google Scholar
  32. 32.
    Rusch, J.J.: The “social engineering” of internet fraud. In: Internet Society Annual Conference. Internet Society (1999)Google Scholar
  33. 33.
    Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J., Nunge, E., Phil, A.-P.: The design and evaluation of a game that teaches people not to fall for phish. In: SOUPS, pp. 88–99. ACM (2007)Google Scholar
  34. 34.
    Stajano, F., Wilson, P.: Understanding scam victims: seven principles for systems security. Commun. ACM 54(3), 70–75 (2011). ACMCrossRefGoogle Scholar
  35. 35.
    University of Exeter School of Psychology. The psychology of scams: Provoking and committing errors of judgement, University of Exeter (2012)Google Scholar
  36. 36.
    Verma, R., Shashidhar, N., Hossain, N.: Detecting phishing emails the natural language way. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 824–841. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  37. 37.
    Vishwanath, A., Herath, T., Chen, R., Wang, J., Rao, H.R.: Why do people get phished? testing individual differences in phishing vulnerability within an integrated, information processing model. Decis. Supp. Syst. 51(3), 576–586 (2011). ElsevierCrossRefGoogle Scholar
  38. 38.
    Wang, J., Chen, R., Herath, T., Rao, H.: An empirical exploration of the design pattern of phishing attacks. Inform. Assurance, Security & Privacy Services, Emerald Publishers (2009)Google Scholar
  39. 39.
    Webroot. Webroot 2015 Threat Brief. Accessed 13 March 2016
  40. 40.
    Wu, M., Miller, R.C., Garfinkel, S.L.: Do security toolbars actually prevent phishing attacks? In: CHI, pp. 601–610. ACM (2006)Google Scholar
  41. 41.
    Xu, Z., Zhang, W.: Victimized by phishing: a heuristic-systematic perspective. J. Internet Bank. Commer. 17(3), 1 (2012). ARRAY DevelopmentGoogle Scholar
  42. 42.
    Zhang, Y., Egelman, S., Cranor, L.F., Hong, J.: Phinding phish: evaluating anti-phishing tools. In: NDSS. School of Computer Science, Internet Society (2007)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  • Melanie Volkamer
    • 1
    • 3
    Email author
  • Karen Renaud
    • 2
  • Benjamin Reinheimer
    • 1
  1. 1.SECUSO, Computer Science DepartmentTU DarmstadtDarmstadtGermany
  2. 2.School of Computing ScienceUniversity of GlasgowGlasgowUK
  3. 3.Karlstad UniversityKarlstadSweden

Personalised recommendations