Abstract
This chapter surveys phishing attacks and their countermeasures. We first examine the underlying ecosystem that facilitates these attacks. We then describe in some detail the techniques phishers use, the kinds of brands they target, and variations on traditional attacks. Finally, we describe several proposed countermeasures to phishing attacks and their relative merits.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Ramzan, Z. (2010). Phishing Attacks and Countermeasures. In: Stavroulakis, P., Stamp, M. (eds) Handbook of Information and Communication Security. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04117-4_23
DOI: https://doi.org/10.1007/978-3-642-04117-4_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04116-7
Online ISBN: 978-3-642-04117-4
eBook Packages: Engineering, Engineering (R0)