Anti-phishing in offense and defense

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2008, Pages 345-354

  Yue, Chuan ^a   Wang, Haining ^a  

^a The College of William and Mary   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANTI-PHISHING; DETECTION TECHNIQUES; FIREFOX; HUMAN USERS; INTERNET USERS; NEW APPROACHES; PHISHING; PHISHING ATTACKS; USABILITY STUDIES; WEB SITES;

COMPUTER APPLICATIONS; SECURITY SYSTEMS; WORLD WIDE WEB;

WEB BROWSERS;

EID: 60649094724     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2008.32     Document Type: Conference Paper

References (41)

1. B. Adida. BeamAuth: Two-factor web authentication with a bookmark. In Proceedings of the CCS, pages 48-57, 2007.
2. D. Birk, M. Dornseif, S. Gajek, and F. Gröbert. Phishing phishers - tracing identity thieves and money launderer. Technical Report, Horst-Görtz Institute of Ruhr-University of Bochum, 2006.
3. A. Bortz, D. Boneh, and P. Nandy. Exposing private information by timing web applications. In Proceedings of the WWW, pages 621-628, 2007.
4. N. Chou, R. Ledesma, Y. Teraguchi, and J. C. Mitchell. Client-side defense against web-based identity theft. In Proceedings of the NDSS, 2004.
5. R. Dhamija and J.D. Tygar. The battle against phishing: Dynamic security skins. In Proceedings of the SOUPS, pages 77-88, 2005.
6. J. S. Downs, M. B. Holbrook, and L. F. Cranor. Decision strategies and susceptibility to phishing. In Proceedings of the SOUPS, pages 79-90, 2006.
7. S. Egelman, L. F. Cranor, and J. Hong. You've been warned: An empirical study of the effectiveness of web browser phishing warnings. In Proceedings of the CHI, pages 1065-1074, 2008.
8. D. Florêncio and C. Herley. Password rescue: A new approach to phishing prevention. In Proceedings of the HOTSEC, 2006.
9. D. Florêncio and C. Herley. A large-scale study of web password habits. In Proceedings of the WWW, pages 657-666, 2007.
10. D. Florêncio, C. Herley, and B. Coskun. Do strong web passwords accomplish anything? In Proceedings of the HOTSEC, 2007.
11. S. Garera, N. Provos, M. Chew, and A. D. Rubin. A framework for detection and measurement of phishing attacks. In Proceedings of the WORM, 2007.
12. T. N. Jagatic, N. A. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Commun. ACM, 50(10):94-100, 2007.
13. M. Jakobsson and S. Myers. Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft. Wiley-Interscience, ISBN 0-471-78245-9, 2006.
14. M. Jakobsson and J. Ratkiewicz. Designing ethical phishing experiments: a study of (ROT13) rOnl query features. In Proceedings of the WWW, pages 513-522, 2006.
15. M. Jakobsson and A. Young. Distributed phishing attacks. In Proceedings of the workshop on Resilient Financial Information Systems, 2005.
16. P. Kumaraguru, Y. Rhee, A. Acquisti, L. F. Cranor, J. Hong, and E. Nung. Protecting people from phishing: The design and evaluation of an embedded training email system. In Proceedings of the CHI, pages 905-914, 2007.
17. C. Ludl, S. McAllister, E. Kirda, and C. Kruegel. On the effectiveness of techniques to detect phishing sites. In Proceedings of the DIMVA, 2007.
18. T. Moore and R. Clayton. Examining the impact of website take-down on phishing. In Proceedings of the APWG eCrime Researchers Summit, 2007.
19. B. Parno, C. Kuo, and A. Perrig. Phoolproof phishing prevention. In Proceedings of the Financial Cryptography, pages 1-19, 2006.
20. B. Pinkas and T. Sander. Securing passwords against dictionary attacks. In Proceedings of the CCS, pages 161-170, 2002.
21. Rachna Dhamija and J.D. Tygar and Marti Hearst. Why phishing works. In Proceedings of the CHI, pages 581-590, 2006.
22. B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. C. Mitchell. Stronger password authentication using browser extensions. In Proceedings of the USENIX Security Symposium, pages 17-32, 2005.
23. S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer. The emperor's new security indicators: An evaluation of website authentication and the effect of role playing on usability studies. In Proceedings of the IEEE Symposium on Security and Privacy, pages 51-65, 2007.
24. S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. F. Cranor, J. Hong, and E. Nunge. Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish. In Proceedings of the SOUPS, pages 88-99, 2007.
25. L. von Ahn, M. Blum, N. Hopper, and J. Langford. CAPTCHA: Using hard AI problems for security. In Proceedings of the Eurocrypt, pages 294-311, 2003.
26. T. Whalen and K. M. Inkpen. Gathering evidence: use of visual security cues in web browsers. In Proceedings of the conference on Graphics interface, pages 137-144, 2005.
27. M. Wu. Fighting Phishing at the User Interface. PhD thesis, MIT, 2006.
28. M. Wu, R. C. Miller, and S. L. Garfinkel. Do security toolbars actually prevent phishing attacks? In Proceedings of the CHI, pages 601-610, 2006.
29. M. Wu, R. C. Miller, and G. Little. Web Wallet: preventing phishing attacks by revealing user intentions. In Proceedings of the SOUPS, pages 102-113, 2006.
30. Z. E. Ye and S. Smith. Trusted paths for browsers. In Proceedings of the USENIX Security Symposium, pages 263-279, 2002.
31. K.-P. Yee and K. Sitaker. Passpet: convenient password management and phishing protection. In Proceedings of the SOUPS, pages 32-43, 2006.
32. Y. Zhang, S. Egelman, L. F. Cranor, and J. Hong. Phinding phish: Evaluating anti-phishing tools. In Proceedings of the NDSS, 2007.
33. Y. Zhang, J. Hong, and L. Cranor. CANTINA: A content-based approach to detecting phishing web sites. In Proceedings of the WWW, pages 639-648, 2007.
34. APWG: Phishing Scams by Targeted Company. http://www.millersmiles.co.uk/ scams.php.
35. Firefox 2 Phishing Protection Effectiveness Testing. http://www.mozilla. org/security/phishing-test.html.
36. Firefox Phishing Protection. http://www.mozilla.com/en-US/firefox/ phishing-protection/.
37. Gone Phishing: Evaluating Anti-Phishing Tools for Windows. http://www.3sharp.com/projects/antiphishing/gone-phishing.pdf.
38. Inaccessibility of CAPTCHA. http://www.w3.org/TR/turingtest/.
39. Know your Enemy: Phishing. http://www.honeynet.org/papers/phishing/.
40. Microsoft Phishing Filter. http://www.microsoft.com/protect/products/ yourself/.
41. PhishTank. http://www.phishtank.com/.