Why Johnny can’t rely on anti-phishing educational interventions to protect himself against contemporary phishing attacks?

Phishing is a way of stealing people’s sensitive information such as username, password and banking details by disguising as a legitimate entity (i.e. email, website). Anti-phishing education considered to be vital in strengthening “human”, the weakest link in information security. Previous research in anti-phishing education focuses on improving educational interventions to better interact the end user. However, one can argue that existing anti-phishing educational interventions are limited in success due to their outdated teaching content incorporated. Furthermore, teaching outdated anti-phishing techniques might not help combat contemporary phishing attacks. Therefore, this research focuses on investigating the obfuscation techniques of phishing URLs used in anti-phishing education against the contemporary phishing attacks reported in PhishTank.com. Our results showed that URL obfuscation with IP address has become insignificant and it revealed two emerging URL obfuscation techniques, that attackers use lately, haven’t been incorporated into existing anti-phishing educational interventions

Plugging the “Phishing” Hole: Legislation Versus Technology

This iBrief analyzes the Anti-Phishing Act of 2005, legislation aimed at curbing the problem of phishing. Phishing is the sending of fraudulent emails which appear to be from legitimate businesses and thereby fooling the recipients into divulging personal information such as credit card numbers. While this legislation may provide some assistance in the fight against phishing, it is limited by the global nature of the Internet and the ease with which phishers can hide and avoid judgments. This iBrief therefore concludes that although the Anti-Phishing Act can play a supporting role in the battle, technological solutions are the most effective means of reducing or eliminating phishing attacks

Plugging the “Phishing” Hole: Legislation Versus Technology

This iBrief analyzes the Anti-Phishing Act of 2005, legislation aimed at curbing the problem of phishing. Phishing is the sending of fraudulent emails which appear to be from legitimate businesses and thereby fooling the recipients into divulging personal information such as credit card numbers. While this legislation may provide some assistance in the fight against phishing, it is limited by the global nature of the Internet and the ease with which phishers can hide and avoid judgments. This iBrief therefore concludes that although the Anti-Phishing Act can play a supporting role in the battle, technological solutions are the most effective means of reducing or eliminating phishing attacks

NoFish; Total Anti-Phishing Protection System

Phishing attacks have been identified by researchers as one of the major cyber-attack vectors which the general public has to face today. Although software companies launch new anti-phishing products, these products cannot prevent all the phishing attacks. The proposed solution, 201C;No Fish201D; is a total anti-phishing protection system created especially for end-users as well as for organizations. In this paper, a realtime anti-phishing system, which has been implemented using four main phishing detection mechanisms, is proposed. The system has the following distinguishing properties from related studies in the literature: language independence, use of a considerable amount of phishing and legitimate data

The Phishing Master Anti-Phishing Game

Games are one type of measure developed to raise security awareness. We present the design of a anti-phishing game for public events or for public spaces. We collected feedback on the game and got an impression of individuals\u27 interaction with the game, through a small user study with a convenience sample at a public event. Participants left overall positive feedback on the game. Our anti-phishing game seems to be a good alternative to classical anti-phishing measures -- in particular for public security awareness events. However, further work is required to integrate the received feedback and then evaluate the game in a controlled study

Investigation of Phishing Attacks and Means to Utilize Anti Phishing Techniques

Advancement of technology have both positive and negative impacts. Some of the negative impacts are cyber crimes. Cyber crimes have become more dangerous. Phishing is one of the cyber crime which results in exploitation of data. There are many phishing attacks which are identified every day. There are different techniques in phishing attacks. We have to reduce those attacks by employing suitable anti-phishing techniques. Some of the anti-phishing techniques and algorithms are discussed in this paper. History of phishing and the lifecycle are also discussed in this paper. People should be aware of all such phishing and the anti-phishing techniques. They have to be careful while checking their mails and should not click on any links or downloadable malware files