Phishing exhibits characteristics of asymmetric conflict and guerrilla warfare. Phishing sites, upon detection, are subject to removal by takedown specialists. In response, phishers create large numbers of new phishing attacks to evade detection and stretch the resources of the defenders. We propose the Colonel Blotto Phishing (CBP) game, a twostage Colonel Blotto game with endogenous dimension...

Phishing is an online identity theft, which aims to steal sensitive information such as username, password and online banking details from victims. To prevent this, phishing education needs to be considered. Game based education is becoming more and more popular. This paper introduces a mobile game prototype for the android platform based on a story, which simplifies and exaggerates real life. ...

Phishing is a malicious form of Internet fraud with the aim to steal valuable information such as credit cards, social security numbers, and account information. This is accomplished primarily by crafting a faux online presence to masquerade as a legitimate institution and soliciting information from unsuspecting customers. Phishing attacks involving websites are among the most commonplace and ...

Phishing is a current social engineering attack that results in online identity theft. Phishing Web pages generally use similar page layouts, styles (font families, sizes, and so on), key regions, and blocks to mimic genuine pages in an effort to convince Internet users to divulge personal information, such as bank account numbers and passwords. A novel technique to visually compare an assumed ...

Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have been escalating in number and sophistication. According to a study by Gartner, 57 million US Internet users have identified the receipt of email linked t...

In this paper we present BayeShield, a novel anti-phishing tool that uses a conversational approach to partner with users in determining whether a website is phishing when the website is suspicious but not blacklisted. We describe the iterative user-centered development of BayeShield's user interface, discussing its evolution and the design principles we followed. In an empirical evaluation, Ba...

Phishing is a form of online fraud that aims to steal a user’s sensitive information such as online banking passwords or credit card numbers. In this paper, we present a technique to quickly detect suspected email using Neural Network Pruning approach. The goal is to determine whether the email is suspected or legitimate. A Multilayer feedforward neural network with Pruning Strategy is used for...

Every day, internet thieves employ new ways to obtain personal identity people and get access to their personal information. Phishing is a somehow complex method that has recently been considered by internet thieves. First, the present study aims to explain phishing, and why an organization should deal with it and its challenges of providing. In addition, different kinds of this attack and clas...

Hands-on laboratory exercises are a very important component of computer security and information assurance education. This paper reports the laboratory exercises we designed to demonstrate two ways of conducting phishing attack: 1) Embedding a hyperlink in a fake email which redirects the victim to a fake website; 2) Using ARP cache poisoning to redirect web access to a fake website. The two w...

Phishing is a form of online identity theft associated with both social engineering and technical subterfuge. As such, it has become a major threat to information security and personal privacy. According to Gartner Inc., in 2007, more than $3.2 billion was lost due to phishing attacks in the US, and 3.6 million people lost money in such attacks. In this article, we present an effective image-ba...