An evaluation of extended validation and picture-in-picture phishing attacks

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4886 LNCS, Issue , 2007, Pages 281-293

  Jackson, Collin ^a   Simon, Daniel R ^b   Tan, Desney S ^b   Barth, Adam ^a  

^a STANFORD UNIVERSITY   (United States)

^b MICROSOFT RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; USER INTERFACES; WEB SERVICES; WEBSITES;

FAKE BROWSER WINDOW; PHISHING ATTACKS;

COMPUTER CRIME;

EID: 38549121705     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-77366-5_27     Document Type: Conference Paper

References (30)

1. Felten, E.W., Balfanz, D., Dean, D., Wallach, D.S.: Web Spoofing: An Internet Con Game. In: 20th National Information Systems Security Conference (October 1997)
2. Anti-phishing working group: http://www.antiphishing.org
3. Loftesness, S.: Responding to "Phishing" Attacks" (2004), http://www.glenbrook.com/opinions/phishing.htm
4. Franco, R.: Better Website Identification and Extended Validation Certificates in IE and Other Browsers, IEBlog (November 2005)
5. Gabrilovich, E., Gontmakher, A.: The Homograph Attack. The Homograph Attack 45(2) (2002)
6. Chou, N., Ledesma, R., Teraguchi, Y., Mitchell, J.: Client-side defense against web-based identity theft. In: NDSS. Proceedings of Network and Distributed Systems Security (2004)
7. Google, Inc.: Google safe browsing for firefox (2006), http://www.google.com/tools/firefox/safebrowsing/
8. Netcraft: Netcraft Anti-Phishing Toolbar (2006), http://toolbar.netcraft. com/
9. GeoTrust, Inc.: TrustWatch Toolbar (2006), http://toolbar.trustwatch.com/
10. Zhang, Y., Egelman, S., Cranor, L., Hong, J.: Phinding Phish: Evaluating AntiPhishing Tools. In: NDSS. Proceedings of the 14th Annual Network and Distributed System Security Symposium (2007)
11. Whalen, T., Inkpen, K.M.: Gathering evidence: Use of visual security cues in web browsers. In: GI 2005. Proceedings of the 2005 conference on Graphics interface, School of Computer Science, University of Waterloo, Waterloo, Ontario, Canada, pp. 137-144. Canadian Human-Computer Communications Society (2005)
12. Dhamija, R., Tygar, J., Hearst, M.: Why Phishing Works. In: Proc. CHI. (2006)
13. Netcraft: Cardholders targetted by Phishing attack using visa-secure.com (October 2004), http://news.netcraft.com/
14. Inc., V.: VeriSign Certification Practice Statement (November 2006), http://www.verisign.com/repository/CPS/VeriSignCPSv3.3.pdf
15. Whitten, A., Tygar, J.: Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In: 8th Usenix Security Symposium, pp. 169-184 (1999)
16. Wu, M., Miller, R., Garfinkel, S.: Do Security Toolbars Actually Prevent Phishing Attacks? In: Proc. CHI. (2006)
17. Passmark: http://www.passmarksecurity.com
18. Ye, Z.E., Smith, S., Anthony, D.: Trusted Paths for Browsers. ACM Transactions on Information and System Security 8(2), 153-186 (2005)
19. Dhamija, R., Tygar, J.: The Battle Against Phishing: Dynamic Security Skins. In: SOUPS 2005. Proceedings of the Symposium on Usable Privacy and Security (2005)
20. Dierks, T., Allen, C.: The TLS Protocol - Version 1.0. IETF RFC 2246 (January 1999)
21. Parno, B., Kuo, C., Perrig, A.: Authentication and Fraud Detection: Phoolproof phishing prevention. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, Springer, Heidelberg (2006)
22. Chappell, D.: Introducing Windows CardSpace (2006), http://msdn2. microsoft.com/en-us/library/aa480189.aspx
23. Halderman, J.A., Waters, B., Felten, E.: A convenient method for securely managing passwords. In: WWW 2005. Proceedings of the 14th International World Wide Web Conference (2005)
24. Ross, B., Jackson, C., Miyake, N., Boneh, D., Mitchell, J.: Stronger Password Authentication Using Browser Extensions. In: Proceedings of the 14th Usenix Security Symposium (2005)
25. Yee, K., Sitaker, K.: Passpet: Convenient password management and phishing protection. In: SOUPS 2006. Proceedings of the second symposium on Usable privacy and security, pp. 32-43. ACM Press, New York (2006)
26. Wu, M., Miller, R.C., Little, G.: Web Wallet: Preventing Phishing Attacks by Revealing User Intentions. In: SOUPS 2006. Proceedings of the Symposium on Usable Privacy and Security (2006)
27. Chiasson, S., van Oorschot, P., Biddle, R.: A Usability Study and Critique of Two Password Managers. In: Proc. 15th USENIX Security Symposium (2006)
28. Juels, A., Jakobsson, M., Stamm, S.: Active Cookies for Browser Authentication. In: NDSS. Proceedings of the 14th Annual Network and Distributed System Security Symposium (2007)
29. Fu, A.Y., Deng, X., Wenyin, L., Little, G.: The methodology and an application to fight against Unicode attacks. In: SOUPS 2006. Proceedings of the second symposium on Usable privacy and security, pp. 91-101. ACM Press, New York (2006)
30. Nielsen, J.: The top ten web design mistakes of 1999 (May 1999), http://www.useit.com/alertbox/990530.html