SpoofKiller: You can teach people how to pay, but not how to pay attention

Proceedings - 2nd Workshop on Socio-Technical Aspects in Security and Trust, STAST 2012, Co-located with 25th IEEE Computer Security Foundations Symposium, CSF 2012

Volumn , Issue , 2012, Pages 3-10

  Jakobsson, Markus ^a   Siadati, Hossein ^b  

^a Paypal ^*  (United States)

^b Extricatus LLC   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

FRAUDSTERS;

SECURITY OF DATA;

SECURITY SYSTEMS;

EID: 84871984931     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/STAST.2012.12     Document Type: Conference Paper

References (29)

1. N. Chou, R. Ledesma, Y. Teraguchi, D. Boneh, and J. C. Mitchell. Client-side defense against web-based identity theft. 2004.
2. P. Daniel. Android users demographics, November 19, 2010, http://www.phonearena.com/news/Android-users-demographics-id14786/.
3. R. Dhamija and J. D. Tygar. The battle against phishing: Dynamic security skins. In Proceedings of the 2005 symposium on Usable privacy and security, SOUPS '05, pages 77-88, New York, NY, USA, 2005. ACM.
4. R. Dhamija, J. D. Tygar, and M. Hearst. Why phishing works. In Proceedings of the SIGCHI conference on Human Factors in computing systems, CHI '06, pages 581-590, New York, NY, USA, 2006. ACM.
5. E. W. Felten, D. Balfanz, D. Dean, and D. S. Wallach. Web spoofing: An internet con game, Technical Report 540-96 (revised Feb. 1997), Department of Computer Science, Princeton University http://www.cs.princeton.edu/sip/pub/ spoofing.pdf.
6. I. Fette, N. Sadeh, and A. Tomasic. Learning to detect phishing emails. In Proceedings of the 16th international conference on World Wide Web, WWW '07, pages 649-656, New York, NY, USA, 2007. ACM.
7. E. Fulcher. Cognitive psychology. 2003, http://www.eamonfulcher.com/ CogPsych/page5.htm.
8. S. Garera, N. Provos, M. Chew, and A. D. Rubin. A framework for detection and measurement of phishing attacks. In Proceedings of the 2007 ACM workshop on Recurring malcode, WORM '07, pages 1-8, New York, NY, USA, 2007. ACM.
9. S. L. Garfinkel and R. C. Miller. Johnny 2: a user test of key continuity management with s/mime and outlook express. In Proceedings of the 2005 symposium on Usable privacy and security, SOUPS '05, pages 13-24, New York, NY, USA, 2005. ACM.
10. I. Goldberg. e-gold stomps on phishing?, http://www. financialcryptography.com/mt/archives/ 000190.html, July, 2004.
11. A. Herzberg. Why Johnny can't surf (safely)? Attacks and defenses for web users. Computers & Security, pages 63-71, 2009.
12. A. Herzberg and A. Gbara. Security and identification indicators for browsers against spoofing and phishing attacks. Cryptology ePrint Archive, Report 2004/155, 2004.
13. G. V. A. Ivan Petrovich Pavlov. Conditioned reflexes : an investigation of the physiological activity of the cerebral cortex. Dover Publications, September 2003.
14. C. Jackson, D. R. Simon, D. S. Tan, and A. Barth. An evaluation of extended validation and picture-in-picture phishing attacks. In Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security, FC'07/USEC'07, pages 281-293, Berlin, Heidelberg, 2007. Springer-Verlag.
15. T. N. Jagatic, N. A. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Commun. ACM, 50(10):94-100, 2007.
16. M. Jakobsson and J. Ratkiewicz. Designing ethical phishing experiments: a study of (ROT13) rOnl query features. In WWW '06: Proceedings of the 15th international conference on World Wide Web, pages 513-522, New York, NY, USA, 2006. ACM.
17. M. Jakobsson, A. Tsow, A. Shah, E. Blevis, and Y.-K. Lim. What instills trust? a qualitative study of phishing. In FC'07/USEC'07: Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security, pages 356-361. Springer-Verlag, 2007.
18. I. Kirlappos and M. A. Sasse. Security education against phishing: A modest proposal for a major re-think. IEEE Security and Privacy, 99(PrePrints), 2011.
19. P. Kumaraguru, Y. Rhee, S. Sheng, S. Hasan, A. Acquisti, L. F. Cranor, and J. Hong. Getting users to pay attention to anti-phishing education: evaluation of retention and transfer. In Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit, eCrime '07, pages 70-81, New York, NY, USA, 2007. ACM.
20. J. M. McCune, A. Perrig, and M. K. Reiter. Seeing is believing; using camera phones for human verifiable authentication. Int. J. Secur. Netw., 4:43-56, February 2009.
21. J. Riegelsberger, M. A. Sasse, and J. D. McCarthy. The mechanics of trust: a framework for research and design. Int. J. Hum.-Comput. Stud., 62:381-422, March 2005.
22. B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. C. Mitchell. Stronger password authentication using browser extensions. In Proceedings of the 14th conference on USENIX Security Symposium - Volume 14, pages 2-2, Berkeley, CA, USA, 2005. USENIX Association.
23. S. Srikwan and M. Jakobsson. Using cartoons to teach Internet security. Cryptologia, 32(2):137-154, 2008.
24. F. Stajano and P. Wilson. Understanding scam victims: seven principles for systems security. Commun. ACM, 54:70-75, Mar. 2011.
25. R. Wash. Folk models of home computer security. In Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS '10, pages 11:1-11:16, New York, NY, USA, 2010. ACM.
26. T. Whalen and K. M. Inkpen. Gathering evidence: use of visual security cues in web browsers. In Proceedings of Graphics Interface 2005, GI '05, pages 137-144, School of Computer Science, University of Waterloo, Waterloo, Ontario, Canada, 2005. Canadian Human-Computer Communications Society.
27. L. Woolston. Mobclix index: Android marketplace, November 17, 2010, http://blog.mobclix.com/2010/11/17/mobclix-index-android-marketplace/.
28. M. Wu, R. C. Miller, and S. L. Garfinkel. Do security toolbars actually prevent phishing attacks? In Proceedings of the SIGCHI conference on Human Factors in computing systems, CHI '06, pages 601-610, New York, NY, USA, 2006. ACM.
29. M. Wu, R. C. Miller, and G. Little. Web wallet: preventing phishing attacks by revealing user intentions. In Proceedings of the second symposium on Usable privacy and security, SOUPS '06, pages 102-113, New York, NY, USA, 2006. ACM.