Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Phishing counter measures and their effectiveness – literature review

Phishing counter measures and their effectiveness – literature review Purpose – Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literatures and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition to that, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that is still prevailing in this field of study. Design/methodology/approach – This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures. Findings – The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A Phisher will mainly target the innocent consumers who happen to be the weakest link in the security chain and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived. Originality/value – Educating the internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. Also there is the need to find out the factors which influence internet user's ability to correctly identify phishing websites. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information Management & Computer Security Emerald Publishing

Phishing counter measures and their effectiveness – literature review

Swapan Purkait
Information Management & Computer Security , Volume 20 (5): 39 – Nov 23, 2012
Download PDF
39 pages

Loading next page...
 
/lp/emerald-publishing/phishing-counter-measures-and-their-effectiveness-literature-review-WTcs02ftad
Publisher
Emerald Publishing
Copyright
Copyright © 2012 Emerald Group Publishing Limited. All rights reserved.
ISSN
0968-5227
DOI
10.1108/09685221211286548
Publisher site
See Article on Publisher Site

Abstract

Purpose – Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literatures and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition to that, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that is still prevailing in this field of study. Design/methodology/approach – This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures. Findings – The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A Phisher will mainly target the innocent consumers who happen to be the weakest link in the security chain and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived. Originality/value – Educating the internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. Also there is the need to find out the factors which influence internet user's ability to correctly identify phishing websites.

Journal

Information Management & Computer SecurityEmerald Publishing

Published: Nov 23, 2012

Keywords: Phishing; Phishing counter measures; Internet; Literature review; Electronic commerce

References

  • Phishing detection using distributed Bayesian additive regression trees
    Abu‐Nimeh, S.
  • Experimental case studies for investigating e‐banking phishing techniques and attack strategies
    Aburrous, M.; Hossain, M.A.; Dahal, K.; Thabtah, F.
  • BeamAuth: two‐factor web authentication with a bookmark
    Adida, B.
  • Fighting phishing attacks: a lightweight trust architecture for detecting spoofed emails
    Adida, B.; Hohenberger, S.; Rivest, R.
  • Lightweight encryption for e‐mail
    Adida, B.; Hohenberger, S.; Rivest, R.
  • Spamato – an extendable spam filter system
    Albrecht, K.; Burri, N.; Wattenhofer, R.
  • Fighting internet fraud: anti‐phishing effectiveness for phishing websites detection
    Alnajim, A.M.
  • Phishing attacks and perceptions of service quality: a content analysis of internet banking in Turkey
    Altintas, M.H.; Gursakal, N.
  • Identity theft
    Anderson, K.B.; Durbin, E.; Salinger, M.A.
  • Global Phishing Survey: Trends and Domain Name Use in 1H2010
    APWG
  • Undertaking a structured literature review or structuring a literature review: tales from the field
    Armitage, A.; Keeble‐Allen, D.
  • PwdIP‐hash a lightweight solution to phishing and pharming attacks
    Aslam, B.; Wu, L.; Zou, C.C.
  • Phishing attacks and solutions
    Badra, M.; El‐Sawda, S.; Hajjeh, I.
  • Organizations respond to phishing: exploring the public relations tackle box
    Baker, E.M.; Baker, W.H.; Tedesco, J.C.
  • Consumer privacy and trust online: an experimental analysis of anti‐phishing promotional effects
    Baker, E.M.; Tedesco, J.C.; Baker, W.H.
  • Social engineering: assessing vulnerabilities in practice
    Bakhshi, T.; Papadaki, M.; Furnell, S.
  • The web identity prevention: factors to consider in the anti‐phishing design
    Bargadiya, M.; Chaudhari, V.; Khan, M.I.; Verma, B.
  • New filitering approaches for phishing email
    Bergholz, A.; Beer, J.D.; Glahn, S.; Moens, M.; Paa, G.; Strobel, S.
  • Johnny in internet cafe: user study and exploration of password autocomplete in web browsers
    Bicakci, K.; Atalay, N.B.; Kiziloz, H.E.
  • Phishing phace‐off
    Bielski, L.
  • Security breaches hitting home
    Bielski, L.
  • Authentication in an internet banking environment; towards developing a strategy for fraud detection
    Bignell, K.B.
  • Unveiling the mask of phishing: threats, preventive measures, and responsibilities
    Bose, I.; Leung, A.C.M.
  • Assessing anti‐phishing preparedness: a study of online banks in Hong Kong
    Bose, I.; Leung, A.C.M.
  • What drives the adoption of antiphishing measures by Hong Kong banks?
    Bose, I.; Leung, A.C.M.
  • Criminal law tackles computer fraud and misuse
    Brainbridge, D.
  • Phishing, pharming and identity theft
    Brody, R.G.; Mulig, E.; Kimball, V.
  • A framework of anti‐phishing measures aimed at protecting the online consumer's identity
    Butler, R.
  • Bigger phish to fry: California's antiphishing statute and its potential imposition of secondary liability on internet service providers
    Calman, C.
  • Anti‐phishing based on automated individual white‐list
    Cao, Y.; Han, W.; Le, Y.
  • Phsihng for undergraduate students
    Case, C.J.; King, D.L.
  • Detecting phishing e‐mails by heterogeneous classification
    Castillo, M.D.; Iglesias, A.; Serrano, J.I.
  • Mitigating phishing attacks: a detection, response and evaluation framework
    Ceesay, E.N.
  • Towards phishing e‐mail detection based on their structural properties
    Chandrasekaran, M.; Narayanan, K.; Upadhyaya, S.
  • Voice phishing detection technique based on minimum classification error method incorporating codec parameters
    Chang, J.‐H.; Lee, K.‐H.
  • Fighting phishing with discriminative keypoint features
    Chen, K.; Chen, J.; Huang, C.; Chen, C.
  • Detecting visually similar web pages: application to phishing detection
    Chen, T.‐C.
  • Detecting visually similar web pages: application to phishing detection
    Chen, T.‐C.; Dick, S.; Miller, J.
  • Client‐side defense against web‐based identity theft
    Chou, N.; Ledesma, R.; Teraguchi, Y.; Mitchell, J.C.
  • The impact of computer security policy content elements on mitigating phishing attacks
    Ciampa, M.D.
  • Motivation for the avoidance of phishing threat
    Comesongsri, V.
  • Email spam filtering: a systematic review
    Cormack, G.V.
  • It won't happen to me: promoting secure behaviour among internet users
    Davinson, N.; Sillence, E.
  • Phish and HIPs: human interactive proofs to detect phishing attacks
    Dhamija, R.; Tygar, J.D.
  • The battle against phishing: dynamic security skins
    Dhamija, R.; Tygar, J.D.
  • Why phishing works
    Dhamija, R.; Tygar, J.D.; Hearst, M.
  • Managing legal, consumers and commerce risks in phishing
    Dinna, N.M.M.; Leau, Y.B.; Habeeb, S.A.H.; Yanti, A.S.
  • Phishing for user security awareness
    Dodge, R.C.; Carver, C.; Ferguson, A.J.
  • Organization and training of a cyber security team
    Dodge, R.C.; Ragsdale, D.J.; Reynolds, C.
  • Exploring a national cyber security exercise for universities
    Dodge, R.C.; Hoffman, L.; Rosenberg, T.; Ragsdale, D.
  • Defending the weakest link: phishing websites detection by analysing user behaviours
    Dong, X.; Clark, J.A.; Jacob, J.L.
  • Decision strategies and susceptibility to phishing
    Downs, J.S.; Holbrook, M.B.; Cranor, L.F.
  • Behavioral response to phishing
    Downs, J.S.; Holbrook, M.B.; Cranor, L.F.
  • You've been warned: an empirical study of the effectiveness of web browser phishing warnings
    Egelman, S.; Cranor, L.F.; Hong, J.
  • In‐session phishing and knowing your enemy
    Eisen, O.
  • Identity theft: an exploratory study with implications for marketers
    Eisenstein, E.M.
  • Online identity theft: phishing technology, chokepoints and countermeasures
    Emigh, A.
  • Phishing update, and how to avoid getting hooked
    Emm, D.
  • Reducing online privacy risk to facilitate e‐service adoption: the influence of perceived ease of use and corporate credibility
    Featherman, M.S.; Miyazaki, A.D.; Sprott, D.E.
  • On the potential of proactive domain blacklisting
    Felegyhazi, M.; Kreibich, C.; Paxson, V.
  • Learning to detect phishing emails
    Fette, I.; Sadeh, N.; Tomasic, A.
  • A large‐scale study of web password habits
    Florencio, D.; Herley, C.
  • What makes web sites credible? A report on a large quantitative study
    Fogg, B.J.; Marshall, J.; Laraki, O.; Osipovich, A.; Varma, C.; Fang, N.; Paul, J.; Rangnekar, A.; Shon, J.; Swani, S.; Treinen, A.
  • Anatomy of a phishing attack: a high‐level overview
    Forte, D.
  • Web identity security: advanced phishing attacks and counter measures
    Fu, A.Y.
  • Detecting phishing web pages with visual similarity assessment based on earth movers distance (EMD)
    Fu, A.Y.; Wenyin, L.; Deng, X.
  • E‐commerce security: a question of trust
    Furnell, S.M.
  • Getting caught in the phishing net
    Furnell, S.M.
  • Phishing: can we spot the signs?
    Furnell, S.M.
  • It's a jungle out there: predators, prey and protection in the online wilderness
    Furnell, S.M.
  • The irreversible march of technology
    Furnell, S.M.
  • How to make secure e‐mail easier to user
    Garfinkel, S.L.; Margrave, D.; Schiller, J.I.; Nordlander, E.; Miller, R.C.
  • Gartner news room; Gartner says number of phishing attacks on US consumers increased 40 percent in 2008
    Gartner
  • Anti‐keylogging measures for secure internet login: an example of the law of unintended consequences
    Goring, S.P.; Rabaiotti, J.R.; Jones, A.J.
  • An overview of the sender policy framework (SPF) as an anti‐phishing mechanism
    Gorling, S.
  • SPP: an anti‐phishing single password protocol
    Gouda, M.G.; Liu, A.L.; Leung, L.M.; Alam, M.A.
  • A legal overview of phishing
    Granova, A.; Eloff, J.H.P.
  • Writing narrative literature reviews for peer‐reviewed journals: secrets of the trade
    Green, B.N.; Johnson, C.D.; Adams, A.
  • Vishing. InfoSecCD'08
    Griffin, S.E.; Rackley, C.C.
  • A convenient method for securely managing passwords
    Halderman, J.A.; Waters, B.; Felten, E.W.
  • An efficient phishing webpage detector
    He, M.; Horng, S.; Fan, P.; Khan, M.K.; Run, R.; Lai, J.; Chen, R.; Sutanto, A.
  • A profitless endeavor: phishing as tragedy of the commons
    Herley, C.; Florencio, D.
  • Financial Cryptography and Data Security
    Herley, C.; Oorschot, P.C.V.; Patrick, A.S.
  • DNS‐based email sender authentication mechanisms: a critical review
    Herzberg, A.
  • Why Johnny can't surf (safely)? Attacks and defenses for web users
    Herzberg, A.
  • Security and identification indicators for browsers against spoofing and phishing attacks
    Herzberg, A.; Jbara, A.
  • All you need to be a phisherman is patience and a worm
    Hinde, S.
  • 2005 IT security highlights – the day of the amateur hacker has gone, but there are still plenty of amateur users'
    Hunter, P.
  • Social phishing
    Jagatic, T.; Johnson, N.; Jakobsson, M.; Menczer, F.
  • Designing ethical phishing experiments: a study of (ROT13) rOnl query features
    Jakobsson, M.; Ratkiewicz, J.
  • What Instills Trust? A Qualitative Study of Phishing
    Jakobsson, M.; Tsow, A.; Shah, A.; Blevis, E.; Lim, Y.K.
  • Assessing image‐based authentication techniques in a web‐based environment
    Jali, M.Z.; Furnell, S.M.; Dowland, P.S.
  • Phishing exposed. Tech target article sponsored by: Sunbelt software
    James, L.
  • Pvault: a client server system providing mobile access to personal data
    Jammalamadaka, R.C.; Mehrotra, S.; Venkatasubramanian, N.
  • Usability meets security – the identity‐manager as your personal security assistant for the internet
    Jendricke, U.; Markotten, D.G.
  • An empirical study of spam traffic and the use of DNS black lists
    Jung, J.; Sit, E.
  • Human factors in web authentication
    Karlof, C.K.
  • Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, October 28‐31
    Karlof, C.K.; Tygar, J.D.; Wanger, D.; Shankar, U.
  • The dark side of the internet: attacks, costs and responses
    Kim, W.; Jeong, O.; Kim, C.; So, J.
  • Protecting users against phishing attacks with antiphish
    Kirda, E.; Kruegel, C.
  • Protecting users against phishing attacks
    Kirda, E.; Kruegel, C.
  • Goin phishing
    Knight, W.
  • Caught in the net
    Knight, W.
  • Spoofing – a look at an evolving threat
    Kruck, G.P.; Kruck, S.E.
  • PhishGuru: a system for educating users about semantic attacks
    Kumaraguru, P.
  • Teaching Johnny not to fall for phish
    Kumaraguru, P.; Sheng, S.; Acuisti, A.; Cranor, L.F.; Hong, J.
  • Protecting people from phishing: the design and evaluation of an embedded training email system
    Kumaraguru, P.; Rhee, Y.; Acquisti, A.; Cranor, L.; Hong, J.; Nunge, E.
  • Getting users to pay attention to anti‐phishing education: evaluation of retention and transfer
    Kumaraguru, P.; Rhee, Y.; Hasan, S.; Acquisti, A.; Cranor, L.; Hong, J.
  • School of phish: a real‐world evaluation of anti‐phishing training
    Kumaraguru, P.; Cranshaw, J.; Acquisti, A.; Cranor, L.; Hong, J.; Blair, A.B.; Pham, T.
  • Fighting identity theft: the coping perspective
    Lai, F.; Li, D.; Hsieh, C.
  • Social networking and the risk to companies and institutions
    Langheinrich, M.; Karjoth, G.
  • Gone phishing
    Larcom, G.; Elbirt, A.J.
  • Enforcing intellectual property rights to deter phishing
    Larson, J.S.
  • A multifaceted approach to spam reduction
    Leiba, B.; Borenstein, N.S.
  • Depress phishing by CAPTCHA with OTP
    Leung, C.M.
  • Visual security is feeble for anti‐phishing
    Leung, C.M.
  • A systems approach to conduct an effective literature review in support of information systems research
    Levy, Y.; Ellis, T.J.
  • Exploring the identity‐theft prevention efforts of consumers in the United States
    Lewis, J.L.
  • Usability evaluation of anti‐phishing toolbars
    Li, L.; Helenius, M.
  • The phishing hook: issues and reality
    Liao, Q.; Luo, X.
  • An antiphishing strategy based on visual similarity assessment
    Liu, W.; Deng, X.; Huang, G.; Fu, A.Y.
  • Fighting cybercrime: technical, juridical and ethical challenges
    Lovet, G.
  • An empirical study of the effect of perceived risk upon intention to use online applications
    Lu, H.; Hsu, C.; Hsu, H.
  • Optimising anti‐phishing solutions based on user awareness, education and the use of the latest web security solutions
    Lungu, I.; Tabusca, A.
  • Identity theft in cyberspace: crime control methods and their effectiveness in combating phishing attacks
    Lynch, J.
  • Phishing infrastructure fluxes all the way
    McGrath, D.K.; Kalafut, A.; Gupta, M.
  • Angling for phishers: legislative responses to deceptive e‐mail
    Mcnealy, J.
  • Hands‐on, simulated, and remote laboratories: a comparative literature review
    Ma, J.; Nickerson, J.V.
  • Beyond blacklists: learning to detect malicious web sites from suspicious URLs
    Ma, J.; Saul, L.K.; Savage, S.; Voelker, G.M.
  • Using a personal device to strengthen password authentication from an untrusted computer
    Mannan, M.; Oorschot, P.C.V.
  • Identity theft in an online world
    Marshall, A.M.; Tompsett, B.C.
  • Phishing for answers: exploring the factors that influence a participant's ability to correctly identify email
    Martin, T.D.
  • Phishing secrets: history, effects, and countermeasures
    Martino, A.S.; Perramon, X.
  • Visual‐similarity‐based phishing detection
    Medvet, E.; Kirda, E.; Kruegel, C.
  • Scoping identity theft
    Mercuri, R.T.
  • Authentication using multiple communication channels
    Mizuno, S.; Yamada, K.; Takahashi, K.
  • Attack on the GridCode one‐time password
    Molloy, I.; Li, N.
  • Examining the impact of website take‐down on phishing
    Moore, T.; Clayton, R.
  • Evaluating the wisdom of crowds in assessing phishing websites
    Moore, T.; Clayton, R.
  • The water is wide: network security at Kenyon College, 1995‐2005
    Murphy, J.M.
  • Building security and trust in online banking
    Nilsson, M.; Adams, A.; Herd, S.
  • Securing information assets: understanding, measuring and protecting against social engineering attacks
    Nohlberg, M.
  • Fraudulent and malicious sites on the web
    Obied, A.; Alhajj, R.
  • Obtaining the threat model for e‐mail phishing
    Olivo, K.C.; Santin, A.O.; Oliveira, L.S.
  • Protecting TLS‐SA implementations for the challenge‐response feature of EMV‐CAP against challenge collision attacks
    Oppliger, R.; Hauser, R.
  • SSL/TLS session‐aware user authentication – or how to effectively thwart the man‐in‐the‐middle
    Oppliger, R.; Hauser, R.; Basin, D.
  • SSL/TLS session‐aware user authentication
    Oppliger, R.; Hauser, R.; Basin, D.
  • SSL/TLS session‐aware user authentication revisited
    Oppliger, R.; Hauser, R.; Basin, D.
  • A proof of concept implementation of SSL/TLS session‐aware user authentication
    Oppliger, R.; Hauser, R.; Basin, D.; Rodenhaeuser, A.; Kaiser, B.
  • Phoolproof phishing prevention
    Parno, B.; Kuo, C.; Perrig, A.
  • Canning spam: proposed solutions to unwanted email
    Pfleeger, S.L.; Bloom, G.