One of the most common and costly forms of deception and fraud online is phishing. Due to the ramifications of successful phishing attacks, security experts and researchers seek to better understand this phenomenon. Prior phishing research has addressed the “bait” and “hook” components of phishing attacks, the human-computer interaction that takes place as users judge the veracity of phishing e...

Phishing websites attempt to deceive people to expose their passwords, user IDs and other sensitive information by mimicking legitimate websites such as banks, product vendors, and service providers. Phishing websites are a pervasive and ongoing problem. Examining and analyzing a phishing website is a good first step in an investigation. Examining and analyzing phishing websites can be a manual...

We argue that phishing IQ tests fail to measure susceptibility to phishing attacks. We conducted a study where 40 subjects were asked to answer a selection of questions from existing phishing IQ tests in which we varied the portion (from 25% to 100%) of the questions that corresponded to phishing emails. We did not find any correlation between the actual number of phishing emails and the number...

Phishing is a widespread and effective computer-mediated social attack. Phishers have proven highly adaptable in terms of exploiting new communications channels – witness ‘vishing’ and ‘SMiShing’ – and are becoming increasingly sophisticated. At the same time, research has shown that current anti-phishing measures are less than adequate. One concern in terms of malicious software is targeted at...

There is no agreed upon definition for Phishing. Although, the medium of attack may vary, the goal is to steal confidential information from an individual. Classical Phishing attacks via mass mailing have a low return of investment rate. Generally, one mass mailing of 100,000 emails may collect between 10 to 100 victims. On the contrary, Phishing scams targeted to a specific group of people in ...

Phishing, or web spoofing, is a growing problem: the Anti-Phishing Working Group (APWG) received almost 14,000 unique phishing reports in August 2005, a 56% jump over the number of reports in December 2004 [3]. $150,000 [17]. For financial institutions, phishing is a particularly insidious problem, since trust forms the foundation for customer relationships, and phishing attacks undermine confi...

There are currently dozens of freely available tools to combat phishing and other web-based scams, many of which are web browser extensions that warn users when they are browsing a suspected phishing site. We developed an automated test bed for testing antiphishing tools. We used 200 verified phishing URLs from two sources and 516 legitimate URLs to test the effectiveness of 10 popular anti-phi...

Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical...

Article history: Received 4 August 2007 Received in revised form 24 January 2008 Accepted 5 March 2008 Available online 13 March 2008 Phishing has enormous impacts on the financial industry. This research aims to investigate antiphishing preparedness of banks in Hong Kong. Web sites of registered Hong Kong banks are analyzed. Information related to phishing and anti-phishing measures adopted by...

Spam messes up users inbox, consumes resources and spread attacks like DDoS, MiM, phishing etc. Phishing is a byproduct of email and causes financial loss to users and loss of reputation to financial institutions. In this paper we examine the characteristics of phishing and technology used by Phishers. In order to counter anti-phishing technology, phishers change their mode of operation; theref...