In-session phishing and knowing your enemy

Eisen, Ori

doi:10.1016/s1353-4858(09)70027-3

Cited by 3 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are many techniques of phishing ranging from code-based key-logger (Goring et al, 2007), in-session phishing (Eisen, 2009), Domain Name System (DNS) poisoning, search engine phishing (Bargadiya et al, 2010) to mass emailing (Forte, 2009). Rusch (2005) discussed the various phishing techniques in comparison to real-world fishing, such as Dragnet, Rod-and-Reel, Lobsterpot and Gillnet phishing.…”

Section: Phishing Attacks Solutions and Requirementsmentioning

confidence: 99%

An empirical investigation of the factors that influence Internet user’s ability to correctly identify a phishing website

Purkait

Suar

2014

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

Purpose – The aim of this study is to report on the results of an empirical investigation of the various factors which have significant impacts on the Internet user’s ability to correctly identify a phishing website. Design/methodology/approach – The research participants were Internet users who have had at least some experience of financial transactions over the Internet. This study conducted a quantitative research with the help of a structured survey questionnaire along with three experimental tasks. A total of 621 valid samples were collected and the multiple regression analysis technique was used to deduce the answers to the research question. Findings – The results show that the model is useful and has explanatory power. And adjusted R2 computed as 0.927, means that 92.7 per cent of the variations in the Internet user’s ability to identify phishing website can be explained by the predictors selected for the model. Research limitations/implications – Future research should account for the Internet user’s general security practices and behaviour, attitude towards online financial activity, risk-taking ability or risk behaviour and their potential effects on Internet users' ability to identify a phishing website. Practical implications – The implications of this study provide the foundation for future research on the areas that intend to explain the Internet user’s necessity to take protection or avoid risky behaviour while performing financial transaction over the Internet. Originality/value – This study provides the body of knowledge with an empirical analysis of impact of various factors on an Internet user’s ability to identify phishing websites. The results of this study can help practitioners create a more successful research model and help researchers better understand user behaviour on the Internet.

show abstract

Section: Phishing Attacks Solutions and Requirementsmentioning

confidence: 99%

An empirical investigation of the factors that influence Internet user’s ability to correctly identify a phishing website

Purkait

Suar

2014

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

show abstract

“…There are many techniques of phishing ranging from, code‐based key‐logger (Goring et al , 2007), in‐session phishing (Eisen, 2009), domain name system (DNS) poison, search engine phishing (Bargadiya et al , 2010) to mass e‐mailing (Forte, 2009). Rusch (2005) discussed various phishing technique in comparison to real world fishing such as dragnet, rod‐and‐reel, lobsterpot, gillnet phishing.…”

Section: Introductionmentioning

confidence: 99%

Phishing counter measures and their effectiveness – literature review

Purkait

2012

Information Management &Amp; Computer Security

103

View full text Add to dashboard Cite

PurposePhishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literatures and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition to that, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that is still prevailing in this field of study.Design/methodology/approachThis paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures.FindingsThe findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A Phisher will mainly target the innocent consumers who happen to be the weakest link in the security chain and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived.Originality/valueEducating the internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. Also there is the need to find out the factors which influence internet user's ability to correctly identify phishing websites.

show abstract