{"title":"Fighting Phishing with Trusted Email","authors":"Jordan Crain, L. Opyrchal, A. Prakash","doi":"10.1109/ARES.2010.98","DOIUrl":null,"url":null,"abstract":"Phishing is the combination of social engineering and technical exploits designed to convince a victim to provide personal information, usually for the monetary gain of the attacker (phisher). Attempts to stop phishing by preventing a user from interacting with a malicious web site have shown to be ineffective. We introduce a method to aid in the prevention of phishing by combining automatic and transparent email signing with an email client plugin. The plugin can detect unsigned spoofed messages. In this manner, the user is prevented (or at least discouraged) from visiting malicious web sites, thus stopping the data-gathering phase of the phishing attack before it begins. We describe the system, implementation, weaknesses, and our ongoing user experiments.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2010.98","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 14
Abstract
Phishing is the combination of social engineering and technical exploits designed to convince a victim to provide personal information, usually for the monetary gain of the attacker (phisher). Attempts to stop phishing by preventing a user from interacting with a malicious web site have been shown to be ineffective. We introduce a method to aid in the prevention of phishing by combining automatic and transparent email signing with an email client plugin. The plugin can detect unsigned spoofed messages. In this manner, the user is prevented (or at least discouraged) from visiting malicious web sites, thus stopping the data-gathering phase of the phishing attack before it begins. We describe the system, implementation, weaknesses, and our ongoing user experiments.