Abstract
Looking past the systems people use, they target the people using the systems.