This paper presents a project which was conducted in a capstone course in Information Security. The project focused on conducting research concerning the various aspects of phishing, such as why phishing works and who is more likely to be deceived by phishing. Students were guided through the process of conducting research: finding background and related work on the topic, determining the hypot...

The problem of phishing has attracted considerable attention recently, and a number of solutions and enhanced security measures have been proposed. We perform a detailed analysis of several antiphishing schemes, and attacks and improvements. While several antiphishing technologies address commonly observed phishing tactics, the space evolves rapidly, and a good prevention technique should be ro...

Phishing attacks are one of the trending cyber-attacks that apply socially engineered messages that are communicated to people from professional hackers aiming at fooling users to reveal their sensitive information, the most popular communication channel to those messages is through users’ emails. This paper presents an intelligent classification model for detecting phishing emails using knowle...

Due to the limitations of anti-phishing software and limitations in creating such software, we propose the usage of metamodelling frameworks and software tools for implementing software systems where phishing prevention is already designed as a part of the system itself. An expressive computational, verifiable and validatable metamodel is created that captures user behaviour. Next it is shown t...

Phishing scheme is a new emerged security issue of E-Commerce Crime in globalization. In this paper, the legal scaffold of Malaysia, United States and United Kingdom are analyzed and followed by discussion on critical issues that rose due to phishing activities. The result revealed that inadequacy of current legal framework is the main challenge to govern this epidemic. However, lack of awarene...

Phishing takes advantage of the way humans interact with computers or interpret messages. A security ceremony is one way of extending the reach of current methods for social, technical and contextual analysis of security protocols to include humans. It is an extension of the concept of network security protocol and includes user interface and human-protocol interaction. We propose a model with ...

In this paper, we introduce a prior-based transfer learning method for our statistical machine learning classifier which based on the logistic regression to detect the phishing sites that relies on our selected features of the URLs. Because of the mismatched distributions of the features in different phishing domains, we employ multiple models for different regions. Since it is impossible for u...

To implement a phishing scam, attackers must create a fake website and send spam to attract visitors. To date, empirical research into phishing’s impact has studied either the spam being sent or the website lifetimes. In this paper, we examine both phishing websites and the associated spam to gauge the overall effectiveness of phishing attack and defense. We find that while the bulk of spam is ...

One significant trend in online user authentication is using Web Single Sign-On (SSO) systems. Especially, open Web SSO standards such as OpenID and OAuth are rapidly gaining adoption on the Web, and they enable over one billion user accounts. However, the largescale threat from phishing attacks to real-worldWeb SSO systems has been significantly underestimated and insufficiently analyzed. In t...

This paper presents the results of a study performed over phishing threats and vulnerabilities present in nowadays authentication environments. The main goal of this paper is to present our solution, the anti-phishing model which can be applied to any web environment, and not just to e-banking or the financial sector, without limitations nor additional requirements. We start presenting a brief ...