Phishing is an especially challenging cyber security threat as it does not attack computer systems, but targets the user who works on that system by relying on the vulnerability of their decision-making ability. Phishing attacks can be used to gather sensitive information from victims and can have devastating impact if they are successful in deceiving the user. Several anti-phishing tools have ...

Different from spam and regular phishing attacks, spear phishing attacks target a small group of people, and the attackers usually make elaborate plans before attacking. There is existing work on classifying spear phishing emails where a threshold value is used to balance misclassified normal emails and misclassified malicious emails. However, most existing systems use a uniform threshold for a...

The objective of this paper is to report on research to construct a model, which should provide guidance to an organization on how to address all dimensions associated with phishing and assist in solving the problem holistically. The emphasis will be placed on the human and organizational dimensions. Most research in this area has shown that only certain dimensions used to combat phishing attac...

Notification service is a popular functionality provided by almost all modern smartphone platforms. To facilitate customization for developers, many smartphone platforms support highly customizable notifications, which allow the third party applications to specify the trigger events, the notification views to be displayed, and the allowed user operations on the notification views. In this paper...

This paper presents a proposal for scalable detection and isolation of phishing. The main ideas are to move the protection from end users towards the network provider and to employ the novel bad neighbourhood concept, in order to detect and isolate both phishing e-mail senders and phishing web servers. In addition, we propose to develop a self-management architecture that enables ISPs to protec...

Security exploits can include cyber threats such as computer programs that can disturb the normal behaviour of computer systems (viruses), unsolicited e-mail (spam), malicious software (malware), monitoring software (spyware), attempting to make computer resources unavailable to their intended users (Distributed Denial-of-Service or DDoS attack), the social engineering, and online identity thef...

PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness of this approach. Here, we extend our previous work with a 515-participant, real-world study in which we focus on long-term rete...

As the battle against phishing continues, many questions remain about where stakeholders should place their efforts to achieve effective prevention, speedy detection, and fast action. Do stakeholders have sufficient incentives to act? What should be the top priorities for the anti-phishing community? To provide insights into these questions we conducted 31 in-depth interviews with anti-phishing...

We anticipate a potential phishing strategy by obfuscation of Web links using Internationalized Resource Identifier (IRI). In the IRI scheme, the glyphs of many characters look very similar while their Unicodes are different. Hence, certain different IRIs may show high similarity. Therefore, it is quite difficult for normal Web users to distinguish them. The potential phishing attacks based on ...