Phishing Secrets: History, Effects, Countermeasures
Authors
Abstract
This paper presents the results of a study of the phishing threats and vulnerabilities present in today's authentication environments. The main goal of this paper is to present our solution, an anti-phishing model that can be applied to any web environment, not just to e-banking or the financial sector, without limitations or additional requirements. We start by presenting a brief history of phishing, common solutions, some statistics about phishing attempts, social impact and monetary losses, and our patented anti-phishing model. We then explain how different vulnerabilities have been addressed, such as man-in-the-middle attacks, phishing, pharming, SQL injection, social engineering, format string attacks, buffer overflow, brute force and many other vulnerabilities. The proposed method has been the basis of a PhD thesis aimed at defining a model for secure operation of an Internet banking environment, even in the presence of malware on the client side. The authentication model is based on a mutual multi-factor authentication process in which both entities must be authenticated with more than one authentication factor. The proposed model has been designed to be easily applicable, with minimum impact on current Internet banking systems. Its goal is to be resistant to today's all too frequent phishing and pharming attacks, and also to more classical ones such as social engineering or man-in-the-middle attacks. The key point of this model is the need for multi-factor mutual authentication, instead of simply basing the security on the digital certificate of the financial entity, since in many cases users are not able to discern the validity of a certificate, and may not even pay attention to it. Thanks to the rules defined in this proposal, the security level of the Web banking environment will increase and customers’ trust will be enhanced, thus allowing a more beneficial use of this service.
The proposed model has been simulated in order to demonstrate its effectiveness and feasibility.
Similar resources
Phishing Secrets: History, Effects, and Countermeasures
This paper presents the results of a study of the phishing threats and vulnerabilities present in today's authentication environments. The main goal of this paper is to present our solution, an anti-phishing model that can be applied to any web environment, not just to e-banking or the financial sector, without limitations or additional requirements. We start presenting a brief ...
Phishing counter measures and their effectiveness - literature review
Purpose – Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literatures and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publ...
Analysis of Phishing Attacks and Countermeasures
One of the biggest problems with the Internet technology is the unwanted spam emails. The well-disguised phishing email comes in as part of the spam and makes its entry into one’s inbox quite frequently nowadays. While phishing is normally considered a consumer issue, the fraudulent tactics the phishers use are now intimidating the corporate sector as well. In this paper, we analyze the various ...
Chapter 3 Improving Phishing Countermeasures
As the battle against phishing continues, many questions remain about where stakeholders should place their efforts to achieve effective prevention, speedy detection, and fast action. Do stakeholders have sufficient incentives to act? What should be the top priorities for the anti-phishing community? To provide insights into these questions we conducted 31 in-depth interviews with anti-phishing...
Submitted in partial fulfillment of the requirements for
Phishing is a kind of attack in which criminals use spoofed emails and fraudulent web sites to trick people into giving up personal information. This thesis looks at the phishing problem holistically by examining various stakeholders and their countermeasures, and by surveying experts’ opinions about the current and future threats and the kinds of countermeasures that should be put in place. It...
Journal title:
- I. J. Network Security
Volume 11, Issue
Pages -
Publication date 2010