Open AccessProceedings Article
Client-Side Defense Against Web-Based Identity Theft.
Reads0
Chats0
TLDR
A framework for client-side defense is proposed: a browser plug-in that examines web pages and warns the user when requests for data may be part of a spoof attack.Abstract:
Web spoofing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information We discuss some aspects of common attacks and propose a framework for client-side defense: a browser plug-in that examines web pages and warns the user when requests for data may be part of a spoof attack While the plugin, SpoofGuard, has been tested using actual sites obtained through government agencies concerned about the problem, we expect that web spoofing and other forms of identity theft will be continuing problems inread more
Citations
More filters
Journal ArticleDOI
Social phishing
TL;DR: Sometimes a "friendly" email message tempts recipients to reveal more online than they otherwise would, playing right into the sender's hand.
Proceedings ArticleDOI
Cantina: a content-based approach to detecting phishing web sites
TL;DR: The design, implementation, and evaluation of CANTINA, a novel, content-based approach to detecting phishing web sites, based on the TF-IDF information retrieval algorithm, are presented.
Proceedings ArticleDOI
Learning to detect phishing emails
TL;DR: This method is applicable, with slight modification, to detection of phishing websites, or the emails used to direct victims to these sites, and correctly identify over 96% of the phishing emails while only mis-classifying on the order of 0.1%" of the legitimate emails.
Proceedings ArticleDOI
Do security toolbars actually prevent phishing attacks
TL;DR: It is found that many subjects do not understand phishing attacks or realize how sophisticated such attacks can be, and security toolbars are found to be ineffective at preventingPhishing attacks.
Proceedings ArticleDOI
The battle against phishing: Dynamic Security Skins
Rachna Dhamija,J. D. Tygar +1 more
TL;DR: A new scheme is proposed, Dynamic Security Skins, that allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof.
References
More filters
Proceedings Article
Bro: a system for detecting network intruders in real-time
TL;DR: Bro as mentioned in this paper is a stand-alone system for detecting network intruders in real-time by passively monitoring a network link over which the intruder's traffic transits, which emphasizes high-speed (FDDI-rate) monitoring, realtime notification, clear separation between mechanism and policy and extensibility.
Journal ArticleDOI
Bro: a system for detecting network intruders in real-time
Vern Paxson,Vern Paxson +1 more
TL;DR: An overview of the Bro system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility, is given.
Proceedings ArticleDOI
Robust image hashing
TL;DR: A novel image indexing technique that may be called an image hash function, which uses randomized signal processing strategies for a non-reversible compression of images into random binary strings, and is shown to be robust against image changes due to compression, geometric distortions, and other attacks.
Web Spoofing: An Internet Con Game
TL;DR: Web spoofing allows an attacker to create a “shadow copy” of the entire World Wide Web, allowing the attacker to monitor all of the victim’s activities including any passwords or account numbers the victim enters.
Web Spoofing Revisited: SSL and Beyond
TL;DR: This paper systematically shows how a malicious server can forge every one of the above cues, including the very existence of an SSL session, by systematically showing how a browser-user communcation model today is secure enough to warrant this assumption.