Phishing is an important security issue to the Internet, which has a significant economic impact. The main solution to counteract this threat is currently reactive blacklisting; however, as phishing attacks are mainly performed over short periods of time, reactive methods are too slow. As a result, new approaches to early identify malicious websites are needed. In this paper a new proactive dis...

This paper analyzes trends seen in phishing attacks throughout 2006 based on real-world data obtained through Symantec’s phishing data collection fabric. We examine both the prevalence and breakdown of phishing web sites as well as the frequency and breakdown of phishing emails. Beyond just the extent of data collected, our study differs from previously published studies in this area in two reg...

Online banking and e-commerce applications have good protection against attacks directed direct towards their computer systems. This, the attacker has considered and instead use " social engineering " attacks, such as phishing to gain access to the information inside [1] [15] [20]. Phishing is a growing problem that many different companies are trying to develop a working protection against. Th...

We anticipate a potential phishing strategy by obfuscation of Web links using Internationalized Resource Identifier (IRI). In the IRI scheme, the glyphs of many characters look very similar while their Unicodes are different. Hence, certain different IRIs may show high similarity. The potential phishing attacks based on this strategy are very likely to happen in the near future with the boostin...

Phishing is a kind of attack in which criminals use spoofed emails and fraudulent web sites to trick people into giving up personal information. Victims perceive these emails as associated with a trusted brand, while in reality they are the work of con artists interested in identity theft [57]. These increasingly sophisticated attacks not only spoof email and web sites, but they can also spoof ...

PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness of this approach. Here, we extend our previous work with a 515-participant, real-world study in which we focus on long-term rete...

I. INTRODUCTION Increasing use of Internet banking and shopping by a broad spectrum of users results in greater potential profits from phishing attacks. Phish are fake websites that masquerade as legitimate sites, to trick unsuspecting users into sharing sensitive information: credentials, passwords, financial information, or other personal information that can enable fraud. This threat is espe...

User training is a commonly used method for preventing victimization from phishing attacks. In this study, we focus on training children, since they are active online but often overlooked in interventions. We present an experiment in which children at Dutch primary schools received an antiphishing training. The subjects were subsequently tested for their ability to distinguish phishing from non...

Phishing is a mounting security problem that organisations and users continue to face. Organisations generally apply a single-layer level of defence against information security threats, which includes phishing. This single-layer level of defence is certainly not adequate against modern-day phishing attacks. It is essential for organisations to implement a holistic approach, while considering h...

Phishing has been a major problem for information systems managers and users for several years now. In 2008, it was estimated that phishing resulted in close to $50 billion in damages to U.S. consumers and businesses. Even so, research has yet to explore many of the reasons why Internet users continue to be exploited. The goal of this paper is to better understand the behavioral factors that ma...