RESEARCH PAPERS

phishing research papers




The battle against phishing: Dynamic security skins
free download

ABSTRACT Phishing is a model problem for illustrating usability concerns of privacy and security because both system designers and attackers battle using user interfaces to guide (or misguide) users. We propose a new scheme, Dynamic Security Skins, that allows a 

Phishing mongers and posers
free download

Figure 1a is modeled after some live phish we captured on the Net. Let's analyze this in terms of the five criteria listed earlier. First, the email looks legitimate-at least to the extent it betrays nothing suspicious to a typical bank customer (aka target-of-opportunity). The 

Phoolproof phishing prevention
free download

ABSTRACT Phishing, or web spoofing, is a growing problem: the Anti-Phishing Working Group (APWG) received almost 14,000 unique phishing reports in August 2005, a 56% jump over the number of reports in December 2004 [3]. For financial institutions, phishing is a 

Phishing attack victims likely targets for identity theft
free download

Gartner announced the results of a survey showing that an estimated 57 million American adults received e-mail attacks from phishers-hackers or cyberthieves who pretend to be trusted service providers to steal consumer account information. Survey 

An evaluation of extended validation and picture-in-picture phishing attacks
free download

In this usability study of phishing attacks and browser anti-phishing defenses, 27 users each classified 12 web sites as fraudulent or legitimate. By dividing these users into three groups, our controlled study measured both the effect of extended validation certificates that 

On the effectiveness of techniques to detect phishing sites
free download

Phishing is an electronic online identity theft in which the attackers use a combination of social engineering and web site spoofing techniques to trick a user into revealing confidential information. This information is typically used to make an illegal economic 

Anatomy of a phishing email
free download

We are sending this verification notice to provide you with information about how Citibank safeguards your privacy, as well as to comply with US federal privacy guidelines that apply to financial institutions such as Citibank. The full terms of Citibank's privacy policy are 

Trustbar: Protecting (even naive) web users from spoofing and phishing attacks
free download

ABSTRACT In spite of the use of standard web security measures (SSL/TLS), users often fail to detectspoofedweb forms, and enter into them sensitive information such as passwords. Furthermore, users often access the spoofed sites by following a link sent to them in a ( 

Phish and hips: Human interactive proofs to detect phishing attacks
free download

In this paper, we propose a new class of Human Interactive Proofs (HIPs) that allow a human to distinguish one computer from another. Unlike traditional HIPs, where the computer issues a challenge to the user over a network, in this case, the user issues a challenge to 

Phinding phish: An evaluation of anti-phishing toolbars
free download

ABSTRACT There are currently dozens of freely available tools to help combat phishing and other web-based scams. Many of these tools come in the form of web browser extensions that warn users when they are browsing a suspected phishing site. We used verified 

Phishing email detection based on structural properties
free download

ABSTRACT –Phishing attacks pose a serious threat to end-users and commercial institutions alike. Majority of the present day phishing attacks employ e-mail as their primary carrier, in order to allure unsuspecting victims to visit the masqueraded website. While the recent 

An empirical analysis of phishing blacklists
free download

ABSTRACT In this paper, we study the effectiveness of phishing blacklists. We used 191 fresh phish that were less than 30 minutes old to conduct two tests on eight anti-phishing toolbars. We found that 63% of the phishing campaigns in our dataset lasted less than two 

Spamming, phishing, authentication, and privacy
free download

An obvious approach to spam-fighting is some form of sender authentication. If we know who really sent the email, we can deal with it: either accept it, because it's from someone we know, or-if it's spam-we can chase down whomever sent it and take some sort of 

Security and identification indicators for browsers against spoofing and phishing attacks
free download

ABSTRACT In spite of the use of standard web security measures (SSL/TLS), users enter sensitive information such as passwords into scam web sites. Such scam sites cause substantial damages to individuals and corporations. In this work, we analyze these 

What instills trust? a qualitative study of phishing
free download

This paper reports the highlights of a user study which gauges reactions to a variety of common trust indicators–such as logos, third party endorsements, and padlock icons–over a selection of authentic and phishing stimuli. In the course of the think-aloud protocol, 

Large-scale automatic classification of phishing pages
free download

ABSTRACT Phishing websites, fraudulent sites that impersonate a trusted third party to gain access to private data, continue to cost Internet users over a billion dollars each year. In this paper, we describe the design and performance characteristics of a scalable machine 

Technical trends in phishing attacks
free download

1ABSTRACT The convenience of online commerce has been embraced by consumers and criminals alike. Phishing, the act of stealing personal information via the internet for the purpose of committing financial fraud, has become a significant criminal activity on the 


FREE ENGINEERING RESEARCH PAPERS