Socio-technological phishing prevention

Phishing is deceptive collection of personal information leading to embezzlement, identity theft, and so on. Preventive and combative measures have been taken by banking institutions, software vendors, and network authorities to fight phishing. At the forefront of this resilience are consortiums such as APWG (Anti-Phishing Working Group) and PhishTank, the latter being a collaborative platform where everyone can submit potentially phishing web-pages and classify web-pages as either phish or genuine. PhishTank also has an API that the browsers use to notify users when she tries to load a phishing page. There are some organizations and individuals who are very active and highly accurate in classifying web-pages on PhishTank. In this paper, we propose a defense model that uses these experts to fight phishing. Categories and subject descriptors: Identity theft

[1]  Paul A. Watters,et al.  Why do users trust the wrong messages? A behavioural model of phishing , 2009, 2009 eCrime Researchers Summit.

[2]  Markus Jakobsson,et al.  Phishing IQ Tests Measure Fear, Not Ability , 2007, Financial Cryptography.

[3]  Mohamed G. Gouda,et al.  Pharewell to Phishing , 2008, SSS.

[4]  Duminda Wijesekera,et al.  An Intrusion Detection System for Detecting Phishing Attacks , 2007, Secure Data Management.

[5]  Rolf Oppliger,et al.  Effective Protection Against Phishing and Web Spoofing , 2005, Communications and Multimedia Security.

[6]  J. Doug Tygar,et al.  The battle against phishing: Dynamic Security Skins , 2005, SOUPS '05.

[7]  Lorrie Faith Cranor,et al.  Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[8]  Richard Clayton,et al.  Insecure Real-World Authentication Protocols (or Why Phishing Is So Profitable) , 2005, Security Protocols Workshop.

[9]  Steven J. Murdoch,et al.  Verified by Visa and MasterCard SecureCode: Or, How Not to Design Authentication , 2010, Financial Cryptography.

[10]  Christopher Soghoian Legal risks for phishing researchers , 2008 .

[11]  Shinta Nakayama,et al.  Preventing False Positives in Content-Based Phishing Detection , 2009, 2009 Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.