A phishing attack is a criminal activity which mimics a certain legitimate webpage using a fake webpage with an intention of luring end-users to visit the fake website thereby stealing their personal information such as usernames, passwords and other personal details such as credit card information. Phishing has seen an alarming trend of increase in both the volume and the sophistication of phi...

Recent studies have shown that phishers are using phishing kits to deploy attacks faster, easier and more massive. Detecting in deployed websites might help detect campaigns earlier. To the best of our knowledge, there no datasets providing a set used were attacked by phishing. In this work, we propose PhiKitA, novel dataset contains also generated these kits. We applied MD5 hashes, fingerprint...

This study examines resolution skills in phishing email detection, defined as the abilities of individuals to discern correct judgments from incorrect judgments in probabilistic decisionmaking. An illustration of the resolution skills is provided. A number of antecedents to resolution skills in phishing email detection, including familiarity with the sender, familiarity with the email, online t...

Phishing websites attempt to convince people to deliver their passwords, user IDs and other sensitive information by imitating legitimate websites such as banks, product vendors, or service providers. Using a phishing kit (compressed file) is a preferred way of creating phishing websites as it allows fast deployment of a phishing site. A kit may contain one or more images that are similar to th...

In India many people are now dependent on online banking. This raises security concerns as the banking websites are forged and fraud can be committed by identity theft. These forged websites are called as Phishing websites and created by malicious people to mimic web pages of real websites and it attempts to defraud people of their personal information. Detecting and identifying phishing websit...

This paper describes a novel approach to profiling phishing emails based on the combination of multiple independent clusterings of the email documents. Each clustering is motivated by a natural representation of the emails. A data set of 2048 phishing emails provided by a major Australian financial institution was pre-processed to extract features describing the textual content, hyperlinks and ...

We have conducted a user study to assess whether improved browser security indicators and increased awareness of phishing have led to users’ improved ability to protect themselves against such attacks. Participants were shown a series of websites and asked to identify the phishing websites. We use eye tracking to obtain objective quantitative data on which visual cues draw users’ attention as t...

The World Wide Web provides every internet citizen with voluminous and heterogeneous data. Therefore, it becomes an essential to mine this available data to make it presentable, useful, and pertinent to a particular problem. Web mining deals with the extraction of these interesting patterns and developing useful abstracts from diversified sources. To improve the security of Web services one wou...

Embedded phishing exercises, which send test phishing emails, are utilized by organizations to reduce the susceptibility of its employees to this type of attack. Research studies seeking to evaluate the effectiveness of these exercises have generally been limited by small sample sizes. These studies have not been able to measure possible factors that might bias results. As a result, companies h...