Analysis and Improvement of Anti-Phishing Schemes

نویسندگان

  • Dinei A. F. Florêncio
  • Cormac Herley
چکیده

The problem of phishing has attracted considerable attention recently, and a number of solutions and enhanced security measures have been proposed. We perform a detailed analysis of several antiphishing schemes, and attacks and improvements. While several antiphishing technologies address commonly observed phishing tactics, the space evolves rapidly, and a good prevention technique should be robust to anticipated as well as observed attacks. We present a number of attacks and techniques that might be easily employed by phishers and examine the robustness of a recently proposed password re-use antiphishing system. We compare with other proposed phishing prevention techniques and find that it withstands several attacks that render current anti-phishing approaches obsolete and fares better in a large scale deployment than others.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Improvement Of Email Threats Detection By User Training

With the generalization of mobile communication systems, solicitations of all kinds in the form of messages and emails are received by users with increasing proportion of malicious ones. They are customized to pass anti-spam filters and ask the person to click or to open the joined dangerous attachment. Current filters are very inefficient against spear phishing emails. It is proposed to improv...

متن کامل

Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks

In this paper, we propose a new class of Human Interactive Proofs (HIPs) that allow a human to distinguish one computer from another. Unlike traditional HIPs, where the computer issues a challenge to the user over a network, in this case, the user issues a challenge to the computer. This type of HIP can be used to detect phishing attacks, in which websites are spoofed in order to trick users in...

متن کامل

Prevention Schemes Against Phishing Attacks on Internet Banking Systems

With the rise of Internet banking, phishing has become a major problem in online banking systems. Over time, highly evolved phishing attacks, such as active phishing, have emerged as a serious issue. Thus, we suggest two server authentication schemes based on SSL/TLS to protect Internet banking customers from phishing attacks. The first scheme uses the X.509 client certificate, which includes a...

متن کامل

Anti-Phishing Landing Page: Turning a 404 into a Teachable Moment for End Users

This paper describes the design and implementation of the Anti-Phishing Working Group (APWG) anti-phishing landing page, a web page with a succinct anti-phishing training message designed to be displayed in place of a phishing website that has been taken down. The landing page is currently being used by financial institutions, phish site take-down vendors, government organizations and online me...

متن کامل

Multilayer Approach to Defend Phishing Attacks

Spam messes up users inbox, consumes resources and spread attacks like DDoS, MiM, phishing etc. Phishing is a byproduct of email and causes financial loss to users and loss of reputation to financial institutions. In this paper we examine the characteristics of phishing and technology used by Phishers. In order to counter anti-phishing technology, phishers change their mode of operation; theref...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2006