Phishing is a mounting security problem that organisations and users continue to face. Organisations generally apply a single-layer level of defence against information security threats, which includes phishing. This single-layer level of defence is certainly not adequate against modern-day phishing attacks. It is essential for organisations to implement a holistic approach, while considering h...

In the last few years, phishing attacks have been increasing eventually. As internet is developing, security for it becoming a challenging task. Cyber-attacks and threats are rapidly. These days many fake websites created to deceive victims by collecting their login credentials, bank details, etc. Many anti-phishing products launched into market use blacklists, heuristics, visual machine learni...

Mostly, security professionals can spot a phish a mile off. If they do err, it’s usually on the side of caution, for instance when real organizations fail to observe best practice and generate phish-like marketing messages. Many sites are now addressing the problem with phishing quizzes, intended to teach the everyday user to distinguish phish from phowl (sorry). Academic papers on why people f...

Phishing is described as the art of emulating a website of a creditable firm intending to grab user’s private information such as usernames, passwords and social security number. Phishing websites comprise a variety of cues within its content-parts as well as browser-based security indicators. Several solutions have been proposed to tackle phishing. Nevertheless, there is no single magic bullet...

Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. Phishing education needs to be considered as a means to combat this threat. This paper reports on a design and development of a mobile game prototype as an educational tool helping computer users to protect themselves against phishing attacks. The...

Phishing exhibits characteristics of asymmetric conflict and guerrilla warfare. Phishing sites, upon detection, are subject to removal by takedown specialists. In response, phishers create large numbers of new phishing attacks to evade detection and stretch the resources of the defenders. We propose the Colonel Blotto Phishing (CBP) game, a twostage Colonel Blotto game with endogenous dimension...

Phishing uses both social engineering and technical means to carry out attacks. Therefore, human factors incorrect human trust decisions play an important role in phishing. Many online authentication techniques place a disproportional burden on human abilities. Assumptions made about human-protocol behaviour are often flawed. In our approach we use the concept of a ceremony to analyse and impro...

PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness of this approach. Here, we extend our previous work with a 515-participant, real-world study in which we focus on long-term rete...

Phishing attacks rise in quantity and quality. With short online lifetimes of those attacks, classical blacklist based approaches are not su cient to protect online users. While attackers manage to achieve high similarity between original and fraudulent websites, this fact can also be used for attack detection. In many cases attackers try to make the Internet address (URL) from a website look s...

Phishing attacks exploit users’ inability to distinguish legitimate websites from fake ones. Strategies for combating phishing include the prevention and detection of phishing scams, tools to help users identify phishing websites, and training users not to fall for phish. While a great deal of effort has been devoted to the first two approaches, less research has been done in the area of traini...