Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 30184
Efficacy of Anti-phishing Measures and Strategies - A Research Analysis

Authors: Gundeep Singh Bindra

Abstract:

Statistics indicate that more than 1000 phishing attacks are launched every month. With 57 million people hit by the fraud so far in America alone, how do we combat phishing?This publication aims to discuss strategies in the war against Phishing. This study is an examination of the analysis and critique found in the ways adopted at various levels to counter the crescendo of phishing attacks and new techniques being adopted for the same. An analysis of the measures taken up by the varied popular Mail servers and popular browsers is done under this study. This work intends to increase the understanding and awareness of the internet user across the globe and even discusses plausible countermeasures at the users as well as the developers end. This conceptual paper will contribute to future research on similar topics.

Keywords: Anti-phishing, countermeasures, effectiveness, fake pages, security analysis.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1061330

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2349

References:


[1] Wikipedia "The Free Encyclopedia". http://en.wikipedia.org/wiki/Phishing. Accessed: April 25, 2010
[2] Anti Phishing Working Group "Global Phishing Survey: Trends and Domain Name Use in 2H2009" page. 4-5, Spring Edition, May 2010. http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_2H 2009.pdf. Accessed: June 9, 2010
[3] Anti Phishing Working Group "Phishing Activity Trends Report, 4th Quarter 2009" page. 4, October - December 2009. http://www.antiphishing.org/reports/apwg_report_Q4_2009.pdf. Accessed: June 9, 2010
[4] Personalized Sign-In Seal - Yahoo Inc. https://protect.login.yahoo.com. Accessed: May 2, 2010
[5] How do I create a sign-in seal? - Yahoo Inc. http://help.yahoo.com/l/us/yahoo/edit/privacy/edit-41.html. Accessed: June 5, 2010
[6] Sign in to Yahoo! - Yahoo Mail Homepage. https://login.yahoo.com/config/login_verify2?&.src=ym. Accessed: May 15, 2010
[7] Naveen Agarwal, Scott Renfro, Arturo Bejar - Yahoo Inc "Yahoo!'s sign-in seal and current anti-phishing solutions" page 3, Published : May 24, Oakland, California, W2SP 2007: Web 2.0 Security and Privacy 2007., in press. http://w2spconf.com/2007/papers/paper-190- z_1282.pdf. Accessed: May 22, 2010
[8] DomainKeys help detect forged email - Yahoo Inc. http://help.yahoo.com/l/us/yahoo/mail/classic/context/context-07.html. Accessed: June 13, 2010
[9] CertifiedEmail, managed by Goodmail Systems - Yahoo Inc. http://antispam.yahoo.com/certifiedemail. Accessed: June 3, 2010
[10] Google Upgrades Gmail - PC World. http://www.pcworld.com/article/118567/google_upgrades_gmail.html. Accessed: July 7, 2010
[11] Gmail preventing Phishing ! - Blog by Arjun Prabhu. http://www.arjunprabhu.com/blog/archives/2005/03/03/gmailpreventing- phishing. Accessed: July 9, 2010
[12] Spice up your inbox with colors and themes, Posted by Annie Chen, Gmail engineer - The Official Gmail Blog. http://gmailblog.blogspot.com/2008/11/spice-up-your-inbox-withcolors- and.html. Accessed: May 12, 2010
[13] The super-trustworthy, anti-phishing key, Posted by Brad Taylor, Gmail Spam Czar - The Official Gmail Blog. http://gmailblog.blogspot.com/2009/07/new-in-labs-super-trustworthyanti. html. Accessed: May 17, 2010
[14] Choosing a smart password, Posted by Michael Santerre, Consumer Operations Associate - The Official Gmail Blog. http://gmailblog.blogspot.com/2009/10/choosing-smart-password.html. Accessed: June 13, 2010
[15] Microsoft Adds New Spam Filtering Technology Across E-Mail Platforms - Microsoft News Center. http://www.microsoft.com/presspass/features/2003/nov03/11- 17spamfilter.mspx. Accessed: June 22, 2010
[16] Fighting Junk E-Mail : Hotmail Filters - Windows Live. http://mail.live.com/mail/junkemail.aspx. Accessed: June 19, 2010
[17] Don't Let Your Company Get Hooked by Phishing - Microsoft Corporation. http://www.microsoft.com/mscorp/safety/technologies/antiphishing/guid ance.mspx. Accessed: June 15, 2010
[18] Sender ID Framework - Microsoft Corporation. http://www.microsoft.com/mscorp/safety/technologies/senderid/default. mspx. Accessed: June 18, 2010
[19] Homepage - Rediff.com. http://www.rediffmail.com. Accessed: July 16, 2010
[20] Microsoft Phishing Filter at a Glance - Microsoft Corporation. http://www.microsoft.com/mscorp/safety/technologies/antiphishing/at_g lance.mspx. Accessed: July 12, 2010
[21] Anti-phishing White Paper - Microsoft Corporation. http://www.microsoft.com/downloads/details.aspx?FamilyId=B4022C66 -99BC-4A30-9ECC-8BDEFCF0501D&displaylang=en. Accessed: July 17, 2010
[22] Microsoft's Approach to Anti-Phishing - Microsoft Corporation. http://www.microsoft.com/mscorp/safety/technologies/antiphishing/visio n.mspx. Accessed: July 18, 2010
[23] Google Safe Browsing - Add-ons for Firefox. http://www.google.com/tools/firefox/safebrowsing/. Accessed: July 6, 2010
[24] FirePhish Anti-Phishing Extension - Add-ons for Firefox. https://addons.mozilla.org/en-US/firefox/addon/2366/. Accessed: July 15, 2010
[25] Opera Fraud and Malware Protection - Opera Software ASA. http://www.opera.com/docs/fraudprotection. Accessed: July 15, 2010
[26] Opera Introduces Fraud Protection, Powered by GeoTrust and PhishTank - Opera Software ASA. Accessed: July 16, 2010
[27] Malware protection - Opera Software ASA. http://my.opera.com/desktopteam/blog/2008/06/06/malware-protection. Accessed: July 16, 2010
[28] Security settings: Phishing and malware detection - Google Chrome Help. http://www.google.com/support/chrome/bin/answer.py?hl=en&answer= 99020. Accessed: August 5, 2010
[29] Database for information on phishing sites reported by the public - PhishTank. http://www.phishtank.com/. Accessed: July 18, 2010
[30] Phishing Alerts - FraudWatch International. http://www.fraudwatchinternational.com/phishing/index.php. Accessed: July 19, 2010
[31] Anti-Phishing Toolbar - Netcraft. http://toolbar.netcraft.com/. Accessed: June 20, 2010
[32] Phishing Filter Add-in for MSN Search Toolbar - Microsoft Corporation. http://www.microsoft.com/mscorp/safety/technologies/antiphishing/at_g lance.mspx. Accessed: June 21, 2010
[33] ScamBlocker Toolbar - Earthlink. http://www.earthlink.net/partners/sprint/software/toolbar/. Accessed: June 28, 2010
[34] TrustWatch anti-phishing service - Geotrust. http://www.geotrust.com/comcasttoolbar/. Accessed: June 27, 2010
[35] Anti - Fraud Toolbar - Cloudmark. http://www.cloudmark.com/en/home.html. Accessed: June 30, 2010
[36] Lorrie Cranor, Serge Egelman, Jason Hong, and Yue Zhang "Phinding phish: An evaluation of anti-phishing toolbars". The 14th Annual Network & Distributed System Security (NDSS) Symposium 2007 - San Diego, CA - 28th February - 2nd March., in press. http://www.isoc.org/isoc/conferences/ndss/07/papers/phinding_phish.pd f. Accessed: August 11, 2010.
[37] Anti Phishing Working Group "Consumer Advice: How to Avoid Phishing Scams". http://www.antiphishing.org/consumer_recs.html. Accessed: June 28,, 2010
[38] Mitesh Bargadiya, Vijay Chaudhari, Mohd. Ilyas Khan, Bhupendra Verma "The Web Identity Prevention: Factors to consider in the antiphishing design", Vol. 2(7), 2010, 2807-2812, pp. 2811, ISSN: 0975- 5462., in press. http://www.ijest.info/docs/IJEST10-02-07-67.pdf. Accessed: August 1, 2010
[39] TrustedSource.org, PhishRegistry.org and SpamArchive.org, Secure Computing Research Portal - CipherTrust. http://research.ciphertrust.com/. Accessed: August 16, 2010
[40] MakeAlert "Trademark and brand protection for domain names" - Domain Tools. http://www.domaintools.com/mark-alert/. Accessed: July 12, 2010
[41] Advanced Search - Google. http://www.google.co.in/advanced_search?hl=en. Accessed: August 19, 2010
[42] KeyScrambler - QFX Software. http://www.qfxsoftware.com/. Accessed: August 24, 2010