In this paper, we explain that by only applying a simple filtering algorithm into various proxy systems, almost all phishing attacks can be blocked without loss of convenience to the user. We propose a system based on a simple filtering algorithm which we call the Sanitizing Proxy System (SPS). The key idea of SPS is that Web phishing attack can be immunized by removing part of the content that...

One of the broadly used internet attacks to deceive customers financially in banks and agencies is unknown “zero-day” phishing Emails “zero-day” phishing Emails is a new phishing email that it has not been trained on old dataset, not included in black list. Accordingly, the current paper seeks to Detection and Prediction of unknown “zero-day” phishing Emails by provide a new framework called Ph...

Phishing is an instance of social engineering techniques used to deceive users into giving their sensitive information using an illegitimate website that looks and feels exactly like the target organization website. Most phishing detection approaches utilizes Uniform Resource Locator (URL) blacklists or phishing website features combined with machine learning techniques to combat phishing. Desp...

Phishing attackers masquerade as genuine senders and try to steal consumers' personal identity data and financial account credentials. In spite of aggressive efforts, technology companies have had limited success in restricting phishing attacks. Unfortunately the nature of phishing attacks changed over time from passive, such as password guessing and eavesdropping to active attacks, such as emp...

Phishing takes advantage of the way humans interact with computers or interpret messages. A security ceremony is one way of extending the reach of current methods for social, technical and contextual analysis of security protocols to include humans. It is an extension of the concept of network security protocol and includes user interface and human-protocol interaction. We propose a model with ...

To implement a phishing scam, attackers must create a fake website and send spam to attract visitors. To date, empirical research into phishing’s impact has studied either the spam being sent or the website lifetimes. In this paper, we examine both phishing websites and the associated spam to gauge the overall effectiveness of phishing attack and defense. We find that while the bulk of spam is ...

Phishing is increasing dramatically with the development of modern technologies and the global worldwide computer networks. This results in the loss of customer’s confidence in e-commerce and online banking, financial damages, and identity theft. Phishing is fraudulent effort aims to acquire sensitive information from users such as credit card credentials, and social security number. In this ar...

Phishing scams pose a serious threat to end-users and commercial institutions alike. E-mail continues to be the favorite vehicle to perpetrate such scams, mainly due to its widespread use combined with the ability to easily spoof them. Several approaches, both generic and specialized, have been proposed to address this growing problem. However, phishing techniques, growing in ingenuity as well ...

Phishing emails usually contain a message from a credible looking source requesting a user to click a link to a website where user is asked to enter a password or other confidential information. Most phishing emails aim at withdrawing money from financial institutions or getting access to private information. Phishing has increased enormously over the last years and is a serious threat to globa...

We investigate the degree to which privacy preserving technologies (PPT) are able to protect an organization against a variety of attacks aimed at undermining their privacy. We studied a PPT at a United States based organization and executed multiple attacks associated with network monitoring, phishing, and online social networks (OSNs). To begin, we received written authorization to conduct th...