In this paper, we study the neural underpinnings relevant to user-centered web security through the lens of functional near-infrared spectroscopy (fNIRS). Specifically, we design and conduct a fNIRS study to pursue a thorough investigation of users’ processing of legitimate vs. illegitimate and familiar vs. unfamiliar websites. We pinpoint the neural activity in these tasks as well as the brain areas that control such activity. We show that, at the neurological level, users process the legitimate websites differently from the illegitimate websites when subject to phishing attacks. Similarly, we show that users exhibit marked differences in the way their brains process the previously familiar websites from unfamiliar websites. These findings have several defensive and offensive implications. In particular, we discuss how these differences may be used by the system designers in the future to differentiate between legitimate and illegitimate websites automatically based on neural signals. Similarly, we discuss the potential for future malicious attackers, with access to neural signals, in compromising the privacy of users by detecting whether a website is previously familiar or unfamiliar to the user. Compared to prior research, our novelty lies in several aspects. First, we employ a neuroimaging methodology (fNIRS) not tapped into by prior security research for the problem domain we are studying. Second, we provide a focused study design and comprehensive investigation of the neural processing underlying the specific tasks of legitimate vs. illegitimate and familiar vs. unfamiliar websites. Third, we use an experimental set-up much more amenable to real-world settings, compared to previous fMRI studies. Beyond these scientific innovations, our work also serves to corroborate and extend several of the findings of the prior literature with independent methodologies, tools and settings.