Security and identification indicators for browsers against spoofing and phishing attacks

Herzberg, Amir; Jbara, Ahmad

doi:10.1145/1391949.1391950

Cited by 100 publications

(65 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This algorithm was instigated in PHP and radical java. Amir Herzberg, Ahmad Jbara et al [8] pronounced that at this time web users, and in specificadolescentconsumers, are susceptible topoles apartweb spoofing bouts; and away, phishing and spoofingattacks are in datumprogressivelyconjoint. They premeditated, instigated and veteranbrowser and protocol leeway, that will aidperceive web-spoofing and phishing attacks.…”

Section: Literature Analysismentioning

confidence: 99%

An Intellect Learning on E-Mail Security and Fraud, Spam and Phishing

P.S¹,

S²,

Kumar³

2015

IJNSA

View full text Add to dashboard Cite

show abstract

Section: Literature Analysismentioning

confidence: 99%

An Intellect Learning on E-Mail Security and Fraud, Spam and Phishing

P.S¹,

S²,

Kumar³

2015

IJNSA

View full text Add to dashboard Cite

show abstract

“…It is often easier for attackers to exploit human and social weaknesses of the defences than to defeat the technological countermeasures [18]. This is also evident in anti-phishing literature as most research focused on technical solutions such as: developing browser toolbars/plug-ins [23] preventative measures, characteristics and email structure [6], [20], [22], algorithms for detecting, identifying and measuring phishing emails and sites [8], [11], [32] and evaluating the effectiveness of web browser toolbar warnings/indicators [4], [7], [12], [31]. Many employees cannot identify the difference between a genuine and a spoofed website [4], [21].…”

Section: The Need For a Holistic Anti-phishing Frameworkmentioning

confidence: 99%

An Enterprise Anti-phishing Framework

Frauenstein¹,

Solms²

2013

Information Assurance and Security Education and Training

View full text Add to dashboard Cite

Abstract. The objective of this paper is to report back on an organizational framework, which consisted of human, organization and technology (HOT) dimensions in holistically addressing aspects associated with phishing. Most anti-phishing literature studied either focused on technical controls or education in isolation however; education is core to all aspects in the above-mentioned framework. It is evident, from literature, that little work has been conducted on anti-phishing preventative measures in the context of organizations but rather from a personal user-level. In the framework, the emphasis is placed on the human factors in addressing phishing attacks.

show abstract

“…To attempt to improve how trust decisions are made, substantial efforts have been made to better convey statements of security to users [1,3,9,12,20,29] and more generally, to educate users about the need to pay attention to security indicators [19,23]. While we are not against such efforts, we think of them as last resortsapproaches to take in the absence of automated protection mechanisms.…”

Section: Related Workmentioning

confidence: 99%

SpoofKiller: You Can Teach People How to Pay, but Not How to Pay Attention

Jakobsson¹,

Siadati²

2012

2012 Workshop on Socio-Technical Aspects in Security and Trust

View full text Add to dashboard Cite

We describe a novel approach to reduce the impact of spoofing by a subtle change in the login process. At the heart of our contribution is the understanding that current anti-spoof technologies fail largely as a result of the difficulties to communicate security and risk to typical users. Accordingly, our solution is oblivious to whether the user was tricked by a fraudster or not. We achieve that by modifying the user login process, and letting the browser or operating system cause different results of user login requests, based on whether the site is trusted or not. Experimental results indicate that our new approach, which we dub "SpoofKiller", will address approximately 80% of spoofing attempts. Free licenses to the technology are offered by the organization owning it, and serious discussions with a major OS vendor have been initiated, with the goal of protecting payments made from apps running on their platform.

show abstract

Security and identification indicators for browsers against spoofing and phishing attacks

Cited by 100 publications

References 25 publications

An Intellect Learning on E-Mail Security and Fraud, Spam and Phishing

An Intellect Learning on E-Mail Security and Fraud, Spam and Phishing

An Enterprise Anti-phishing Framework

SpoofKiller: You Can Teach People How to Pay, but Not How to Pay Attention

Contact Info

Product

Resources

About