Top

Cognitive Computation

Published in:

01-09-2010

Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

Authors: Maher Aburrous, M. A. Hossain, Keshav Dahal, Fadi Thabtah

Published in: Cognitive Computation | Issue 3/2010

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Phishing is a form of electronic identity theft in which a combination of social engineering and Web site spoofing techniques is used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing Web site attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing Web site attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed.

previous article Flexible Latching: A Biologically-Inspired Mechanism for Improving the Management of Homeostatic Goals

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Alnajim A, Munro M. An evaluation of users’ tips effectiveness for phishing websites detection, 978-1-4244-2917-2/08, IEEE; 2008. p. 63–68.

APWG. Phishing activity trends report. 2005. http://antiphishing.org/reports/apwg_report_DEC2005_FINAL.pdf. Accessed 12 Apr 2007.

APWG. Phishing activity trends report. 2008. http://antiphishing.org/reports/apwg_report_sep2008_final.pdf. Accessed 9 March 2009.

APWG. 2009. http://www.apwg.org/reports/APWG_GlobalPhishingSurvey_1H2009.pdf. Accessed 8 Aug 2009.

Brooks J. Anti-phishing best practices: keys to aggressively and effectively protecting your organization from phishing attacks, White Paper, Cyveillance; 2006.

Business Security Guidance. How to protect insiders from social engineering threats. 2006. www.microsoft.com/technet/security/default.mspx. Accessed 8 Apr 2006.

Chou N, Ledesma R, Teraguchi Y, Boneh D, Mitchell J. Client side defense against web-based identity theft. In: Proceeding of the 11th annual Network and Distributed System Security Symposium (NDSS ‘04); 2004.

Dhamija R, Tygar J. The battle against phishing: dynamic security skins. In: Proceedings of ACM Symposium on Usable Security and Privacy (SOUPS 2005); 2005. p. 77–88.

Dhamija R, Tygar J, Marti H. Why phishing works. In: CHI ‘06: Proceedings of the SIGCHI conference on human factors in computing systems. ACM Press, New York; 2006. p. 581–590.

10.

FDIC. Putting an end to account-hijacking identity theft, FDIC, Technical Report [Online]. 2004. Available: http://www.fdic.gov/consumers/consumer/idtheftstudy/identitytheft.pdf. Accessed 18 Apr 2007.

11.

FFIEC. E-Banking Introduction, Federal Financial Institutions Examination Council, Information Technology Examination Handbook (IT Handbook InfoBase). 2003. Available Online: http://www.ffiec.gov/ffiecinfobase/booklets/e_banking/ebanking_00_intro_def.html. Accessed 15 June 2007.

12.

Fu A, Wenyin L, Deng X. Detecting phishing web pages with visual similarity assessment based on Earth Mover’s Distance (EMD). IEEE Trans Dependable Secur Comput. 2006;3(4):301–11.CrossRef

13.

Gabber E, Gibbons P, Kristol D, Matias Y, Mayer A. Consistent, yet anonymous, web access with LPWA. Commun ACM. 1999;42(2):42–7.CrossRef

14.

Gartner. 2007. (http://www.gartner.com/it/page.jsp?id=565125). Accessed 10 Sept 2007.

15.

Gefen D. Reflections on the dimensions of trust and trustworthiness among online consumers. ACM SIGMIS Database. 2002;33(3):38–53.CrossRef

16.

Herzberg A, Gbara A. Protecting naive web users, Draft of July 18; 2004.

17.

Jagatic T, Johnson N, Jakobsson M, Menczer F. Social phishing, community. ACM. 2007;50(10):94–100.CrossRef

18.

Jakobsson M. Modeling and preventing phishing attacks, School of Informatics Indiana University at Bloomington; 2005.

19.

Jakobsson M, Tsow A, Shah A, Blevis E, Lim Y. What instills trust? A qualitative study of phishing. Bloomington: Indiana University; 2007. p. 356–61.

20.

James L. Phishing exposed, Tech Target Article sponsored by: Sunbelt software. 2006. searchexchange.com.

21.

Kinjo H, Snodgrass JG. Is there a picture superiority effect in perceptual implicit tasks? Eur J Cogn. 2000;12(2):145–64.CrossRef

22.

Kirda E, Kruegel C. Filching attack of on-line status. J Netw Secur Technol Appl. 2005;6(4):17–20.

23.

Kirda E, Kruegel C Protecting users against phishing attacks with antiphishing. In: Proceedings of the 29th annual international Computer Software and Applications Conference (COMPSAC); 2005b. p. 517–524.

24.

Liu W, Guanglin H, Liu X, Xiaotie D, Zhang M. Phishing webpage detection. In: Proceedings of the 2005 eight international conference on Document Analysis and Recognition (ICDAR’05), IEEE; 2005. p. 560–564.

25.

Microsoft Corporation. Microsoft phishing filter: a new approach to building trust in E-Commerce Content, White Paper; 2008.

26.

Ollmann G. The phishing guide, understanding and preventing phishing attacks (online available). 2004. http://www.nextgenss.com/papers/NISR-WP-Phishing.pdf.

27.

PassMark. Two-factor two-way authentication, PassMark Security. 2005. http://www.passmarksecurity.com.

28.

Pettersson J, Fischer-Hübner S, Danielsson N, Nilsson J, Bergmann M, Clauss S, Kriegelstein T, Krasemann H. Making prime usable. In: Proceedings of SOUPS’05. ACM Press, Pittsburgh; 2005. p. 53–64.

29.

Phishtank. 2008 http://www.phishtank.com/phish_archive.php. Accessed 14 Nov 2008.

30.

Rhodes JS. Human memory limitations and web site usability. 1998. Moving WebWord from http://www.webword.com/moving/memory.html. Accessed 28 May 2008.

31.

Ross B, Jackson C, Miyake N, Boneh D, Mitchell J. Stronger password authentication using browser extensions. In: Proceedings of the 14th Usenix Security Symposium; 2005.

32.

Sharif T. Phishing filter in IE7. 2005. http://blogs.msdn.com/ie/archive/2005/09/09/463204.aspx. Accessed 6 Apr 2007.

33.

Stenberg G. Conceptual and perceptual factors in the picture superiority effect. Eur J Cogn. 2006;18(6):813–47.CrossRef

34.

Stepp M. Phishhook: a tool to detect and prevent phishing attacks. In: DIMACS workshop on theft in E-Commerce: content, identity, and service; 2005.

35.

Suh B, Han I. Effect of trust on customer acceptance of Internet banking. Electron Commer Res Appl. 2002;1(3):247–63.CrossRef

36.

Watson D, Holz T, Mueller S. Know your enemy: phishing, behind the scenes of phishing attacks, The Honeynet Project & Research Alliance; 2005.

37.

Wu M, Miller R, Little G. Web wallet: preventing phishing attacks by revealing user intentions. MIT Computer Science and Artificial Intelligence Lab; 2006.

38.

Ye Z, Smith S. Trusted paths for browsers. ACM Trans Inform Syst Secur. 2005;8(2):153–86.CrossRef

39.

Zin A, Yunos Z. How to make online banking secure, article published in The Star InTech; 2005.

Title: Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies
Authors: Maher Aburrous
M. A. Hossain
Keshav Dahal
Fadi Thabtah
Publication date: 01-09-2010
Publisher: Springer-Verlag
Published in: Cognitive Computation / Issue 3/2010
Print ISSN: 1866-9956
Electronic ISSN: 1866-9964
DOI: https://doi.org/10.1007/s12559-010-9042-7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2010

First Words Learning: A Cortical Model

Computer-Aided Diagnosis of Ataxia SCA-2 Using a Blind Source Separation Algorithm

Phoneme Recognition by Means of a Growing Hierarchical Recurrent Self-Organizing Model Based on Locally Adapting Neighborhood Radii

Flexible Latching: A Biologically-Inspired Mechanism for Improving the Management of Homeostatic Goals

Bidirectional LSTM Networks for Context-Sensitive Keyword Detection in a Cognitive Virtual Agent Framework

Reducing Features Using Discriminative Common Vectors

Premium Partner