Effective protection against phishing and web spoofing

Authors:
Rolf Oppliger;Sebastian Gajek
Affiliations:
eSECURITY Technologies, Gümligen, Switzerland;Horst Görtz Institute for IT-Security, Ruhr University, Bochum, Germany
Venue:
CMS'05 Proceedings of the 9th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Year:
2005

Citing 7
Cited 6

Trusted Paths for Browsers

Proceedings of the 11th USENIX Security Symposium
Déjà Vu: a user study using images for authentication

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Analysis of the SSL 3.0 protocol

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
WWW electronic commerce and java trojan horses

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Cut-&-paste attacks with JAVA

ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Modeling and preventing phishing attacks

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Visual spoofing of SSL protected web sites and effective countermeasures

ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience

Phishing attacks and solutions

Proceedings of the 3rd international conference on Mobile multimedia communications
SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle

Computer Communications
A scalable and self-adapting notification framework

DEXA'10 Proceedings of the 21st international conference on Database and expert systems applications: Part II
Socio-technological phishing prevention

Information Security Tech. Report
Understanding the weaknesses of human-protocol interaction

FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Content-based control of HTTPs mail for implementation of IT-convergence security environment

Journal of Intelligent Manufacturing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Phishing and Web spoofing have proliferated and become a major nuisance on the Internet. The attacks are difficult to protect against, mainly because they target non-cryptographic components, such as the user or the user-browser interface. This means that cryptographic security protocols, such as the SSL/TLS protocol, do not provide a complete solution to tackle the attacks and must be complemented by additional protection mechanisms. In this paper, we summarize, discuss, and evaluate the effectiveness of such mechanisms against (large-scale) phishing and Web spoofing attacks.