Abstract
Approaches against phishing can be classified into modifications of the traditional PIN/TAN authentication on the one hand, and approaches that try to reduce the probability of a scammer being successful without changing the existing PIN/TAN method on the other. We present a new approach based on challenge-response authentication. Since our proposal does not require any new hardware on the client side, it can be implemented at little additional cost by financial institutions or other web retailers, and is therefore a good compromise compared to the other approaches. A big drawback is that it doesn’t protect against man-in-the-middle attacks, but most of the other approaches don’t either.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Plössl, K., Federrath, H., Nowey, T. (2005). Protection Mechanisms Against Phishing Attacks. In: Katsikas, S., López, J., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2005. Lecture Notes in Computer Science, vol 3592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11537878_3
DOI: https://doi.org/10.1007/11537878_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28224-2
Online ISBN: 978-3-540-31796-8
eBook Packages: Computer Science, Computer Science (R0)