A Defense-in-Depth Approach to Phishing

Abstract

Phishing is a form of crime in which identity theft is accomplished by use of deceptive electronic mail and a fake site on the World Wide Web. Phishing threatens financial institutions, retail companies, and consumers daily, and phishers remain successful by researching anti-phishing countermeasures and adapting their attack methods to them, either to exploit the countermeasures or to circumvent them completely. An effective solution to phishing requires a multi-faceted defense strategy. We propose a model for phishing. We report on a survey we conducted of user detection of phishing. We also report on experiments to assess the success of automated methods for assessing clues to phishing email. We present recommendations for a defense-in-depth strategy to prevent phishing.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2006
Accession Number
ADA456923

Entities

People

  • David S. Barnes

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Commerce
  • Computer Programs
  • Computer Science
  • Countermeasures
  • Cybersecurity
  • Detection
  • Electronic Commerce
  • Electronic Mail
  • Information Systems
  • Internet
  • Phishers
  • Reliability
  • Social Engineering
  • Social Media
  • Students
  • Web Browsers
  • Websites

Readers

  • Cybersecurity

Technology Areas

  • Microelectronics