PHISHING

 

Don’t be a phish: Steps in User Education: Phishing is the practice of sending deceptive e-mails that pose as coming from the government, banks, etc. in order to obtain confidential personal information. Phishing has risen to alarming levels in the recent past, and phishing attacks have evolved in complexity. Social context information has become an extremely important tool in the hands of phishers, who send personalized e-mails using the information people provide on social networking sites. Phishers have identified the vulnerability of users and have come up with new attacks to convince them to give up their personal information. In such a scenario, it becomes extremely important for users to be educated and equipped to recognize such attacks. Hence, this paper emphasizes and explains the use of phishing IQ tests with class discussions to educate users. The education includes introducing users to both authentic and deceptive e-mails and having them identify the legitimate ones. This technique was introduced as a part of the curriculum in Introduction of Computing Courses. Statistics showed that users who took this course became better equipped to identify phishing attacks, thereby reducing the risk of user vulnerability.

Authors: Stefan A. Robila, James W. Ragucci

Reference: ACM, 2006.

Full Paper: PDF

 

Social Phishing: It has been observed that context-aware phishing causes greater harm than impersonal spam because of the intimacy and the social engineering techniques involved. This has come to be known as social phishing in the recent past. The paper describes a controlled phishing attack experiment performed at Indiana University, Bloomington. A deceptive e-mail was sent to students of Indiana University to compromise their university credentials. Targets were selected based on the amount and quality of publicly available information they had disclosed about themselves on social networking sites. The success rates of this attack are explained in detail.

Authors: Tom Jagatic, Nathaniel Johnson, Markus Jakobsson, and Filippo Menczer

Reference: ACM, December 2005.

Full Paper: PDF

 

Protecting Users against Phishing Attacks: The number of sites that mimic official websites, where a user can be fooled into entering confidential information, has increased in the recent past. The risk could be reduced to a great extent by an application in the browser that warns the user whenever sensitive information is typed into a form on a website that is considered a phishing site. AntiPhish is the solution offered by this paper; it has been incorporated into the Firefox browser as an add-on to protect users against phishing attacks. The paper explains in detail how AntiPhish can be used to protect user information online.

Authors: Engin Kirda and Christopher Kruegel

Reference: The Computer Journal, 2005.

Full Paper: PDF

 

New instant phishing pop-up kits on the rampage: The paper introduces a recently discovered threat: a phishing pop-up kit that can create a whole phishing website from a single line of code, which only has to be double-clicked to install. The paper explains how convenient such an ingenious way of attacking servers is for online attackers.

Author: Sarah Hilley

Reference: The Computer Journal Vol 49 No. 5, 2006

Full Paper: PDF