Protecting Users against Phishing Attacks
The Computer Journal
JavaScript: The Definitive Guide
JavaScript: The Definitive Guide
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Method for Evaluating the Security Risk of a Website Against Phishing Attacks
PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
There is no free phish: an analysis of "free" and live phishing kits
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
A phishing analysis of web based systems
Proceedings of the 2011 International Conference on Communication, Computing & Security
A quantitative approach to estimate a website security risk using whitelist
Security and Communication Networks
PhishSafe: leveraging modern JavaScript API's for transparent and robust protection
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.00 |
Phishing is an online identity theft that aims to steal sensitive information such as user names, passwords, and credit card numbers. Although phishing is a simple social engineering attack, it has proven to be surprisingly effective. Hence, the number of phishing scams is continuing to grow, and the costs of the resulting damages is increasing. Researchers as well as the IT industry have identified the urgent need for anti-phishing solutions and recently, a number of solutions to mitigate phishing attacks have been proposed. Several of these approaches are browser plugins. In 2005, we implemented a Firefox anti-phishing browser plug-in called AntiPhish. After releasing AntiPhish, we decided to port it to the Microsoft Internet Explorer (IE) browser. Supporting IE was important because a majority of Internet users are accessing the web with this browser. Our initial expectation at the beginning of the project was that porting a browser plug-in that is written for Firefox to IE could not be too difficult; after all, browser plug-ins are conceptually similar. However, creating an anti-phishing browser plug-in for the IE proved to be much more challenging than expected. In this paper, we report on our experience in implementing anti-phishing (i.e., security) browser plug-ins and summarize five lessons we learned from our undertaking.