2017 International Conference on Advanced Computing and Communication Systems (ICACCS -2017), Jan. 06 07, 2017, Coimbatore, INDIA Usability Evaluation of Active Anti-Phishing Browser Extensions for Persons with Visual Impairments Gunikhan Sonowal K. S. Kuppusamy Ajit Kumar Department of Computer Science Department of Computer Science Department of Computer Science School of Engineering & Technology School of Engineering & Technology School of Engineering & Technology Pondicherry University, India Pondicherry University, India Pondicherry University, India Email: gunikhan.sonowal@gmail.com Email: kskuppu@gmail.com Email: ajitkumar.pu@gmail.com Abstract—Accessibility is an integral element of Human Com- puter Interaction (HCI) domain which deals with building the tools in the digital ecosystem that shall be used universally by all categories of users irrespective of their disabilities. For persons with disabilities the security in the digital environments acquires increased significance as they are one among the leading soft targets. Phishing is an active cyber security issue which is based on both technical and social engineering components. A wide va- riety of Anti-Phishing tool have been developed to detect phishing sites. In Phishing the attackers target internet users for providing important credentials by sending fraudulent emails with links to a site which is visually similar to its legitimate counterpart. Anti- phishing tools help users for combating these frauds but from the accessibility perspective there are still barriers for persons with visual impairments. The major objective of this paper is to provide an insight into these accessibility barriers in the interface of Anti-Phishing browser extensions for persons with visual impairments. The scope of this study is in the accessibility dimension and hence the core anti-phishing methodology adopted by these tools are not elaborated in detail. With the outcome of this accessibility analysis study of these anti-phishing tools, potential suggestions are also listed out in this paper to reduce the barriers faced by persons with visual impairments. Keywords-persons with visual impairments; anti- phishing; phishing; accessibility; usability; browser extension. I. I NTRODUCTION Phishing is one of the important internet security issues in the digital ecosystem these days. Phishers use social engineer- ing with technical methods to manipulate internet users in such a way that they easily disclose their credentials like passwords, credit card details and banking information etc voluntarily. Phishing sites are developed as mirror images of legitimate sites in order to gain trust of victims. The standard definition of a phishing site was illustrated in a study by Xiang et.al. [1] in which two basic criteria were identified : 1) It is visually similar to legitimate site, 2) It has at least one login form where users can put their credentials. As reported by Anti- phishing Work Group [2], the number of unique fraud sites detected on January-June 2016 as published on Oct 03, 2016 is shown Fig. 1 which emphasizes the growth in number of phishing incidents. Fig. 1: Anti-phishing Work Group Report Oct 5, 2016 The main motivation from attacker perspective to prey phish are described by Weider, D Yu et al [3] as follow: (1) Financial benefits: The phishers can use the credential from victims for various purposes like online transaction, buy goods etc, (2) Identity concealing: As Anti-phishing laws are getting strin- gent in various countries, the attackers never use the identities that embezzled themselves. The attacker hide their genuine identity by selling identities stolen through phishing to other adversaries or cyber-criminals, (3) Fame and notoriety: For shake of Peer recognition the attacker might utilize phishing As phishing has become a major vulnerability, the cyber security community is actively developing anti-phishing tools to mitigate the phishing sites. The anti-phishing tools employ various approaches such as heuristic based approach, hybrid based approach and information flow based approach [4] to detect phishing sites. Although, these techniques successfully detect most of the phishing sites but still many users get trapped by phishers because of the usability problems in the anti-phishing tools. Usually anti-phishing tools have two layers: One is phishing detection layer and another is usability layer as shown Fig. 2. This paper is focused on accessibility issues exposed by the usability layer. In the design of any anti-phishing tool, usability plays a critical rule because all categories of users irrespective of their disabilities should get equal opportunity 978-1-5090-4559-4/17/$31.00©2017IEEE