Chapter 3 Improving Phishing Countermeasures

Authors

  • Alessandro Acquisti
  • Lorrie Cranor
  • Jason Hong
Abstract

As the battle against phishing continues, many questions remain about where stakeholders should place their efforts to achieve effective prevention, speedy detection, and fast action. Do stakeholders have sufficient incentives to act? What should be the top priorities for the anti-phishing community? To provide insights into these questions we conducted 31 in-depth interviews with anti-phishing experts between May 2008 and May 2009. We selected experts from academia, Computer Emergency Response Team (CERT) centers, the Anti-Phishing Working Group (APWG) officers, law enforcement, and key industry stakeholders. We sought their expertise on the current and future state of phishing attacks, countermeasures that should be implemented to fight phishing more effectively, and incentives that various stakeholders have in their fight against phishing. The experts we interviewed agreed that phishing is evolving into a more organized effort. It is becoming part of a larger crime ecosystem, where it is increasingly blended with malware and used as a gateway for other attacks. Some of the experts suggested that incentives for fighting phishing may be misaligned, in the sense that the stakeholders who are in a position to have the largest impact do not have much incentive to devote resources to anti-phishing efforts. In terms of countermeasures, experts identified improving law enforcement and shutting down money trails as top priorities. They also identified operating systems vendors, web application providers, browsers, and Internet service providers as stakeholders with key technology influence on phishing. Finally, experts agreed that education is an important factor that is not emphasized enough; however, they did not agree on the extent of the impact that education may have. We present these findings and a set of recommendations to improve countermeasures.
Although previous reports have studied phishing and issued recommendations, to the best of our knowledge this is the first study that synthesizes the opinions of experts from different fields, and examines the incentives of various stakeholders to contribute to anti-phishing efforts. In response to the growing phishing problem, government agencies, industry groups, and consumer groups have conducted studies and issued recommendations [35, 52, 100, 105]. The Financial Services Technology Consortium's report is the first report that analyzed how phishing works by articulating the life cycle of phishing. It also encouraged financial institutions to assess the costs and risks associated with phishing, develop better intelligence on phishers through improved sharing, and invest in and adopt better mutual authentication. However, the report …


Similar resources

Phishing counter measures and their effectiveness - literature review

Purpose – Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literatures and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publ...


Analysis of Phishing Attacks and Countermeasures

One of the biggest problems with the Internet technology is the unwanted spam emails. The well-disguised phishing email comes in as part of the spam and makes its entry into one’s inbox quite frequently nowadays. While phishing is normally considered a consumer issue, the fraudulent tactics the phishers use are now intimidating the corporate sector as well. In this paper, we analyze the various ...


Submitted in partial fulfillment of the requirements for

Phishing is a kind of attack in which criminals use spoofed emails and fraudulent web sites to trick people into giving up personal information. This thesis looks at the phishing problem holistically by examining various stakeholders and their countermeasures, and by surveying experts’ opinions about the current and future threats and the kinds of countermeasures that should be put in place. It...


Chapter 6 Phishing Susceptibility Study

Phishing attacks, in which scammers send emails and other messages to con victims into providing their login credentials and personal information, snare millions of victims each year [43]. A variety of efforts aim to combat phishing through law enforcement, automated detection, and end-user education. Researchers have studied why people fall for phishing attacks; however, little research has be...


Website Forgery: Understanding Phishing Attacks & Nontechnical Countermeasures for Ordinary Users

Website Forgery is a type of web based attack where the phisher builds a website that is completely independent or a replica of a legitimate website, with the goal of deceiving a user by extracting information that could be used to defraud or launch other attacks upon the victim. In this paper we attempt to identify the different types of website forgery phishing attacks and non-technical count...



Publication date: 2009