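% Bibliography: phishing, anti-phishing tooling and web-authentication
% research (papers, technical reports, vendor and news pages).
%
% Conventions used below:
%   - one field per line, lowercase entry types and field names;
%   - month uses the standard three-letter macros (jan ... dec), unquoted;
%   - page ranges use "--"; volume and issue are separate fields;
%   - organisations used as authors are wrapped in an extra brace pair so
%     they are not split into first/last name parts;
%   - citation keys are kept exactly as they were, including misspelt ones
%     (Shujun:Hooneypot, Julue:Decision), because documents cite them.
% Web sources keep the URL as cited and carry no access date; add one when a
% link is re-checked.
% Lines starting with "%" sit outside any entry and are ignored by BibTeX.

@article{Miyamoto:Evaluation,
  author       = {Daisuke Miyamoto and Hiroaki Hazeyama and Youki Kadobayashi},
  title        = {{An Evaluation of Machine Learning-based Methods for Detection of Phishing Sites}},
  journal      = {Australian Journal of Intelligent Information Processing Systems},
  volume       = {10},
  number       = {2},
  pages        = {54--63},
  year         = {2008},
}

@inproceedings{Miyamoto:SPS,
  author       = {Daisuke Miyamoto and Hiroaki Hazeyama and Youki Kadobayashi},
  title        = {{SPS: A Simple Filtering Algorithm Thwart Phishing Attacks}},
  booktitle    = {Proceedings of ASIAN INTERNET ENGINEERING CONFERENCE 2005},
  month        = dec,
  year         = {2005},
}

@inproceedings{Miyamoto:PreEvaluation,
  author       = {Daisuke Miyamoto and Hiroaki Hazeyama and Youki Kadobayashi},
  title        = {{A Proposal of the AdaBoost-Based Detection of Phishing Sites}},
  booktitle    = {Proceedings of the 2nd Joint Workshop on Information security},
  month        = aug,
  year         = {2007},
}

@inproceedings{Miyamoto:HumanBoost,
  author       = {Daisuke Miyamoto and Hiroaki Hazeyama and Youki Kadobayashi},
  title        = {{HumanBoost: Utilization of Users' Past Trust Decision for Identifying Fraudulent Websites}},
  booktitle    = {Proceedings of the 16th International Conference on Neural Information Processing of the Asia-Pacific Neural Network Assembly},
  month        = dec,
  year         = {2009},
}

@inproceedings{Christian:Effectiveness,
  author       = {Christian Ludl and Sean McAllister and Engin Kirda and Christopher Kruegel},
  title        = {{On the Effectiveness of Techniques to Detect Phishing Sites}},
  booktitle    = {Proceedings of The 4th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment},
  month        = jul,
  year         = {2007},
}

% The two WWW entries below had month "Apl."; read as April.
@inproceedings{Guang:Hybrid,
  author       = {Guang Xiang and Jason I. Hong},
  title        = {{A Hybrid Phish Detection Approach by Identity Discovery and Keywords Retrieval}},
  booktitle    = {Proceedings of the 17th World Wide Web Conference},
  month        = apr,
  year         = {2009},
}

@inproceedings{Yutaka:PAKE,
  author       = {Yutaka Oiwa and Hiromitsu Takagi and Hajime Watanabe and Hirofumi Suzuki},
  title        = {{PAKE-based Mutual HTTP Authentication for Preventing Phishing Attacks}},
  booktitle    = {Proceedings of the 17th World Wide Web Conference},
  month        = apr,
  year         = {2009},
}

@inproceedings{Paul:Why,
  author       = {Paul Andrew Watters},
  title        = {{Why Do Users Trust The Wrong Messages? A Behavioural Model of Phishing}},
  booktitle    = {Proceedings of the 4th annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = sep,
  year         = {2009},
}

@inproceedings{Shujun:Hooneypot,
  author       = {Shujun Li and Roland Schmitz},
  title        = {{A Novel Anti-Phishing Framework Based on Honeypots}},
  booktitle    = {Proceedings of the 4th annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = sep,
  year         = {2009},
}

@inproceedings{Brad:Webapp,
  author       = {Brad Wardman and Gaurang Shukla and Gray Warner},
  title        = {{Identifying Vulnerable Websites by Analysis of Common Strings in Phishing URLs}},
  booktitle    = {Proceedings of the 4th annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = sep,
  year         = {2009},
}

@inproceedings{Paul:Humboldt,
  author       = {Paul Knickbocker and Dongting Yu and Jun Li},
  title        = {{Humboldt: A Distributed Phishing Disruption System}},
  booktitle    = {Proceedings of the 4th annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = sep,
  year         = {2009},
}

@inproceedings{Fergus:Learning,
  author       = {Fergus Toolan and Joe Carthy},
  title        = {{Phishing Detection Using Classifier Ensembles}},
  booktitle    = {Proceedings of the 4th annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = sep,
  year         = {2009},
}

@inproceedings{Robert:Clustering,
  author       = {Robert Layton and Paul Watters},
  title        = {{Determining provenance in phishing websites using automated conceptual analysis}},
  booktitle    = {Proceedings of the 4th annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = sep,
  year         = {2009},
}

@inproceedings{Liping:Clustering,
  author       = {Liping Ma and John Yearwood and Paul Watters},
  title        = {{Establishing Phishing Provenance Using Orthographic Features}},
  booktitle    = {Proceedings of the 4th annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = sep,
  year         = {2009},
}

% Review note (Suriya:Tricks): the title is identical to Liping:Clustering
% although authors and venue differ; it looks copied from that entry.
% Confirm the title against the paper before citing.
@inproceedings{Suriya:Tricks,
  author       = {R. Suriya and Kannan Saravanan and Arunkumar Thangavelu},
  title        = {{Establishing Phishing Provenance Using Orthographic Features}},
  booktitle    = {Proceedings of the 2nd International Conference on Security of Information and Networks},
  month        = oct,
  year         = {2009},
}

@inproceedings{Maher:Fuzzy,
  author       = {Maher Ragheb Aburrous and M. Alamgir Hossain and Fadi Thabatah and Keshav Dahal},
  title        = {{Intelligent Phishing Website Detection System using Fuzzy Techniques}},
  booktitle    = {Proceedings of the 3rd International Conference on Information and Communication Technologies: From Theory to Applications},
  month        = apr,
  year         = {2008},
}

@inproceedings{Maher:FuzzyBank,
  author       = {Maher Ragheb Aburrous and M. Alamgir Hossain and Fadi Thabatah and Keshav Dahal},
  title        = {{Modelling Intelligent Phishing Detection System for E-banking Using Fuzzy Data Mining}},
  booktitle    = {Proceedings of International Conference on CYBERWORLDS},
  month        = sep,
  year         = {2009},
}

% "Acquisiti" corrected to "Acquisti", the spelling used by the other entries.
@inproceedings{Serge:Timing,
  author       = {Serge Egelman and Janice Y. Tsai and Lorrie Faith Cranor and Alessandro Acquisti},
  title        = {{Timing is everything?: the effects of timing and placement of online privacy indicators}},
  booktitle    = {Proceedings of the 27th International Conference On Human Factors In Computing Systems},
  month        = apr,
  year         = {2009},
}

@inproceedings{Chenfeng:Self,
  author       = {Chenfeng Vincent Zhou and Christopher Leckie and Shanika Karunasekera and Tao Peng},
  title        = {{A Self-healing, Self-protecting, Collaborative Intrusion Detection Architecture to Trace-back Fast-flux Phishing Domains}},
  booktitle    = {Proceedings of the 2nd IEEE Workshop on Autonomic Communication and Network Management},
  month        = apr,
  year         = {2008},
}

@article{Tyler:Economics,
  author       = {Tyler Moore and Richard Clayton and Ross Anderson},
  title        = {{The Economics of Online Crime}},
  journal      = {Journal of Economic Perspectives},
  volume       = {23},
  number       = {3},
  pages        = {3--20},
  year         = {2009},
}

@inproceedings{Rainer:Link,
  author       = {Rainer B{\"o}hme and Tyler Moore},
  title        = {{The Iterated Weakest Link - A Model of Adaptive Security Investment}},
  booktitle    = {Proceedings of the 8th Workshop on the Economics of Information Security},
  month        = jun,
  year         = {2009},
}

@inproceedings{Tyler:Temporal,
  author       = {Tyler Moore and Richard Clayton and Henry Stern},
  title        = {{Temporal Correlations between Spam and Phishing Websites}},
  booktitle    = {Proceedings of the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats},
  month        = apr,
  year         = {2009},
}

@inproceedings{Tyler:Evilsearch,
  author       = {Tyler Moore and Richard Clayton},
  title        = {{Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing}},
  booktitle    = {Proceedings of the 13th International Conference on Financial Cryptography and Data Security},
  month        = feb,
  year         = {2009},
}

@inproceedings{Tyler:Consequence,
  author       = {Tyler Moore and Richard Clayton},
  title        = {{The Consequence of Non-Cooperation in the Fight Against Phishing}},
  booktitle    = {Proceedings of the 3rd annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = oct,
  year         = {2008},
}

@inproceedings{Tyler:Phishtank,
  author       = {Tyler Moore and Richard Clayton},
  title        = {{Evaluating the Wisdom of Crowds in Assessing Phishing Websites}},
  booktitle    = {Proceedings of the 12th International Financial Cryptography and Data Security Conference},
  month        = jan,
  year         = {2008},
}

@inproceedings{Tyler:Examining,
  author       = {Tyler Moore and Richard Clayton},
  title        = {{Examining the Impact of Website Take-down on Phishing}},
  booktitle    = {Proceedings of the 3rd annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = oct,
  year         = {2007},
}

@inproceedings{Andre:Learning,
  author       = {Andr{\'e} Bergholz and Jeong Ho Chang and Gerhard Paass and Frank Reichartz and Siehyun Strobel},
  title        = {{Improved Phishing Detection using Model-Based Features}},
  booktitle    = {Proceedings of the 5th Conference on Email and Anti-Spam},
  month        = aug,
  year         = {2008},
}

@techreport{Sadia:PhishZoo,
  author       = {Sadia Afroz and Rachel Greenstadt},
  title        = {{PhishZoo: An Automated Web Phishing Detection Approach Based on Profiling and Fuzzy Matching}},
  institution  = {Department of Computer Science, Drexel University},
  number       = {DU-CS-09-03},
  month        = jun,
  year         = {2009},
}

% Review note (Ponnurangam:School): "Mary Ann" has no surname in this author
% list; confirm the full name against the paper.
@inproceedings{Ponnurangam:School,
  author       = {Ponnurangam Kumaraguru and Justin Cranshaw and Alessandro Acquisti and Lorrie Faith Cranor and Jason I. Hong and Mary Ann and Theodore Pham},
  title        = {{School of Phish: A real-World Evaluation of Anti-Phishing Training}},
  booktitle    = {Proceedings of the 5th Symposium On Usable Privacy and Security},
  month        = jul,
  year         = {2009},
}

@inproceedings{Dominik:Phishing,
  author       = {Dominik Birk and Sebastian Gajek and Felix Grobert and Ahmad-Reza Sadeghi},
  title        = {{Phishing Phishers - Observing and Tracing Organized Cybercrime}},
  booktitle    = {Proceedings of The 2nd International Conference on Internet Monitoring and Protection},
  month        = sep,
  year         = {2007},
}

% number holds only the report identifier; the style supplies the words
% "Technical Report", which the original value repeated.
@techreport{Edward:WebSpoofing,
  author       = {Edward W. Felten and Dirk Balfanz and Drew Dean and Dan S. Wallach},
  title        = {{Web Spoofing: An Internet Con Game}},
  institution  = {Department of Computer Science, Princeton University},
  number       = {540-96},
  month        = feb,
  year         = {1997},
}

@techreport{Fogg:Credibility,
  author       = {Brian Jeffrey Fogg and Leslie Marable and Julianne Stanford and Ellen R. Tauber},
  title        = {{How Do People Evaluate a Web Site's Credibility? Results from a Large Study}},
  institution  = {Stanford},
  month        = nov,
  year         = {2002},
}

@inproceedings{Markus:Modeling,
  author       = {Markus Jakobsson},
  title        = {{Modeling and Preventing Phishing Attacks}},
  booktitle    = {Proceedings of Financial Cryptography and Data Security, 9th International Conference},
  month        = mar,
  year         = {2005},
}

@techreport{Don:Factors,
  author       = {Don Mosley},
  title        = {{Some Psychological Factors of Successful Phishing}},
  institution  = {East Carolina University},
  month        = jun,
  year         = {2006},
}

@techreport{Zishuang:WebSpoofing,
  author       = {Zishuang (Eileen) Ye and Yougu Yuan and Sean Smith},
  title        = {{Web Spoofing Revisited: SSL and Beyond}},
  institution  = {Department of Computer Science, Dartmouth College},
  number       = {TR2002-417},
  month        = feb,
  year         = {2002},
}

@inproceedings{Markus:Distributed,
  author       = {Markus Jakobsson and Adam Young},
  title        = {{Distributed phishing attacks}},
  booktitle    = {Proceedings of Workshop on Resilient Financial Information Systems},
  month        = mar,
  year         = {2005},
}

@inproceedings{Karakasiliotis:Social,
  author       = {Anastasios Karakasiliotis and Steven M. Furnell and Maria Papadaki},
  title        = {{Assessing end-user awareness of social engineering and phishing}},
  booktitle    = {Proceedings of the 7th Australian Information Warfare and Security Conference},
  month        = dec,
  year         = {2006},
}

@article{Tom:Social,
  author       = {Tom N. Jagatic and Nathaniel Johnson and Markus Jakobsson and Filippo Menczer},
  title        = {{Social Phishing}},
  journal      = {Communications of the ACM},
  volume       = {50},
  number       = {10},
  pages        = {94--100},
  year         = {2007},
}

@misc{Jimmy,
  author       = {Jimmy Kuo},
  title        = {{The Phishing of Children}},
  howpublished = {Available at: \url{http://mal-aware.org/}},
  month        = sep,
  year         = {2007},
}

@inproceedings{Anthony:Potential,
  author       = {Anthony Y. Fu and Xiaotie Deng and Liu Wenyin},
  title        = {{A Potential IRI based Phishing Strategy}},
  booktitle    = {Proceedings of the 6th International Conference on Web Information Systems Engineering},
  month        = nov,
  year         = {2005},
}

@inproceedings{Anthony:Unicode,
  author       = {Anthony Y. Fu and Xiaotie Deng and Liu Wenyin and Greg Little},
  title        = {{The methodology and an application to fight against Unicode attacks}},
  booktitle    = {Proceedings of the 2nd Symposium On Usable Privacy and Security},
  month        = jul,
  year         = {2006},
}

@inproceedings{Viktor:IDN,
  author       = {Viktor Krammer},
  title        = {{Phishing Defense against IDN Address Spoofing Attacks}},
  booktitle    = {Proceedings of the 4th Annual Conference on Privacy, Security, and Trust},
  month        = oct,
  year         = {2006},
}

% Review note (Markus:Instills, Alex:Consumer): both entries give the page
% range 356--361; one of them is probably copied from the other. Confirm.
@inproceedings{Markus:Instills,
  author       = {Markus Jakobsson and Alex Tsow and Ankur Shah and Eli Blevis and Youn-Kyung Lim},
  title        = {{What Instills Trust? A Qualitative Study of Phishing}},
  booktitle    = {Proceedings of Financial Cryptography and Data Security},
  pages        = {356--361},
  month        = dec,
  year         = {2007},
}

@inproceedings{Alex:Consumer,
  author       = {Alex Tsow},
  title        = {{Phishing with Consumer Electronics - Malicious Home Routers}},
  booktitle    = {Proceedings of the WWW'06 Workshop on Models of Trust for the Web},
  pages        = {356--361},
  month        = may,
  year         = {2007},
}

@techreport{Paul:Authentication,
  author       = {Paul Ducklin},
  title        = {{CAN STRONG AUTHENTICATION SORT OUT PHISHING AND FRAUD ?}},
  institution  = {Sophos Pty Ltd.},
  month        = oct,
  year         = {2006},
}

% Trailing period removed from the title; the style adds its own punctuation.
@inproceedings{Dhamija:Why,
  author       = {Rachna Dhamija and J. Doug Tygar and Marti A. Hearst},
  title        = {{Why Phishing Works}},
  booktitle    = {Proceedings of Conference On Human Factors In Computing Systems},
  month        = apr,
  year         = {2006},
}

% "Rovert" corrected to "Robert".
@inproceedings{Wu:Toolbar,
  author       = {Min Wu and Robert C. Miller and Simson L. Garfinkel},
  title        = {{Do Security Toolbars Actually Prevent Phishing Attacks?}},
  booktitle    = {Proceedings of Conference On Human Factors In Computing Systems},
  month        = apr,
  year         = {2006},
}

@inproceedings{Markus:Designing,
  author       = {Markus Jakobsson and Jacob Ratkiewicz},
  title        = {{Designing ethical phishing experiments: a study of (ROT13) rOnl query features}},
  booktitle    = {Proceedings of the 15th International Conference on World Wide Web},
  month        = may,
  year         = {2006},
}

@inproceedings{Julue:Decision,
  author       = {Julie S. Downs and Mandy B. Holbrook and Lorrie Faith Cranor},
  title        = {{Decision strategies and susceptibility to phishing}},
  booktitle    = {Proceedings of the 2nd Symposium On Usable Privacy and Security},
  pages        = {79--90},
  month        = jul,
  year         = {2006},
}

@inproceedings{Ponnurangam:Game,
  author       = {Ponnurangam Kumaraguru and Yong Rhee and Alessandro Acquisti and Lorrie Faith Cranor and Jason I. Hong and Elizabeth Nunge},
  title        = {{Protecting people from phishing: the design and evaluation of an embedded training email system}},
  booktitle    = {Proceedings of Conference On Human Factors In Computing Systems},
  pages        = {905--914},
  month        = apr,
  year         = {2007},
}

@techreport{Aaron:Anti,
  author       = {Aaron Emigh},
  title        = {{Anti-Phishing Technology}},
  institution  = {Radix Labs},
  year         = {2005},
}

% The original entry had two institution fields (Radix Labs, then US-CERT).
% BibTeX keeps only the first, which appears to be left over from
% Aaron:Anti above; US-CERT matches the author, so it is the one kept.
% The unsupported "issue" field is stored as number.
@techreport{Cert:QTAR,
  author       = {{www.us-cert.gov}},
  title        = {{Quarterly Trends and Analysis Report}},
  institution  = {US-CERT},
  volume       = {3},
  number       = {1},
  year         = {2008},
}

@inproceedings{Alexander:Crawler,
  author       = {Alexander Moshchuk and Tanya Bragin and Steven D. Gribble and Henry M. Levy},
  title        = {{A crawler-based study of spyware on the Web}},
  booktitle    = {Proceedings of the Network and Distributed System Security Symposium},
  year         = {2006},
}

@inproceedings{Merwe:Characteristic,
  author       = {Alta {V}an der Merwe and Marianne Loock and Marek Dabrowski},
  title        = {{Characteristics and Responsibilities Involved in a Phishing Attack}},
  booktitle    = {Proceedings of the 4th International Symposium on Information and Communication Technologies},
  month        = jan,
  year         = {2005},
}

@inproceedings{Vivek:IQ,
  author       = {Vivek Anandpara and Andrew Dingman and Markus Jakobsson and Debin Liu and Heather Roinestad},
  title        = {{Phishing IQ Tests Measure Fear, Not Ability}},
  booktitle    = {Proceedings of Financial Cryptography and Data Security, 11th International Conference},
  pages        = {362--366},
  month        = feb,
  year         = {2007},
}

@inproceedings{Ponnurangam:Trust,
  author       = {Ponnurangam Kumaraguru and Alessandro Acquisti and Lorrie Faith Cranor},
  title        = {{Trust modeling for online transactions: A phishing scenario}},
  booktitle    = {Proceedings of the 3rd Annual Conference on Privacy, Security, and Trust},
  month        = oct,
  year         = {2005},
}

% Review note (Dhamija:HIP, Dhamija:HIPS): both keys describe the same paper
% but give different months (May here, July in Dhamija:HIPS). Both keys are
% kept because documents may cite either; confirm the month and make the two
% entries agree.
@inproceedings{Dhamija:HIP,
  author       = {Rachna Dhamija and J. D. Tygar},
  title        = {{Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks}},
  booktitle    = {Proceedings of the 2nd International Workshop on Human Interactive Proofs},
  location     = {Bethlehem, PA, United States},
  month        = may,
  year         = {2005},
}

@inproceedings{Dhamija:Battle,
  author       = {Rachna Dhamija and J. Doug Tygar},
  title        = {{The Battle Against Phishing: Dynamic Security Skins}},
  booktitle    = {Proceedings of the 1st Symposium On Usable Privacy and Security},
  month        = jul,
  year         = {2005},
}

% The original used the unknown field "institute", which BibTeX ignores, so
% the required institution was missing. The archive name and the report
% number it contained are now stored in their own fields.
@techreport{Amir:Trustbar,
  author       = {Amir Herzberg and Ahmad Gbara},
  title        = {{TrustBar: Protecting (even Na\"{i}ve) Web Users from Spoofing and Phishing Attacks}},
  institution  = {Cryptology ePrint Archive},
  type         = {Report},
  number       = {2004/155},
  month        = jul,
  year         = {2004},
}

@inproceedings{Neil:Spoofguard,
  author       = {Neil Chou and Robert Ledesma and Yuka Teraguchi and Dan Boneh and John C. Mitchell},
  title        = {{Client-side defense against web-based identity theft}},
  booktitle    = {Proceedings of 11th Annual Network and Distributed System Security Symposium},
  month        = feb,
  year         = {2004},
}

@misc{Netcraft:Toolbar,
  author       = {{Netcraft}},
  title        = {{Netcraft Anti-Phishing Toolbar}},
  howpublished = {Available at: \url{http://toolbar.netcraft.com/}},
}

@misc{CallingID:Toolbar,
  author       = {{CallingID Ltd.}},
  title        = {{Calling ID Toolbar}},
  howpublished = {Available at: \url{http://www.callingid.com/DesktopSolutions/CallingIDToolbar.aspx}},
}

@misc{Cloudmark:Toolbar,
  author       = {{Cloudmark Inc.}},
  title        = {{Cloudmark Anti-Fraud Toolbar}},
  howpublished = {Available at: \url{http://www.cloudmark.com/desktop/download/}},
}

@misc{Earthlink:Toolbar,
  author       = {{Earthlink Inc.}},
  title        = {{Earthlink Toolbar}},
  howpublished = {Available at: \url{http://www.earthlink.net/software/free/tool/}},
}

@misc{eBay:Toolbar,
  author       = {{eBay Inc.}},
  title        = {{Using eBay Tool's Account Guard}},
  howpublished = {Available at: \url{http://pages.ebay.com/help/account/securing-account.html}},
}

@misc{GeoTrust:Toolbar,
  author       = {{GeoTrust Inc.}},
  title        = {{TrustWatch Tool}},
  howpublished = {Available at: \url{http://tool.trustwatch.com/tour/v3ie/tool-v3ietour-overview.html}},
}

@misc{Joris:Security,
  author       = {Joris Evers},
  title        = {{Security Expert: User education is pointless}},
  howpublished = {Available at: \url{http://news.com.com/2100-7350_3-6125213.html}},
  month        = oct,
  year         = {2007},
}

@inproceedings{Steve:Phil,
  author       = {Steve Sheng and Bryant Magnien and Ponnurangam Kumaraguru and Alessandro Acquisti and Lorrie Faith Cranor and Jason I. Hong and Elizabeth Nunge},
  title        = {{Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish}},
  booktitle    = {Proceedings of the 1st Symposium On Usable Privacy and Security},
  month        = jul,
  year         = {2007},
}

@inproceedings{Whitten:Why,
  author       = {Alma Whitten and J. Doug Tygar},
  title        = {{Why Johnny Can't Encrypt}},
  booktitle    = {Proceedings of the 8th USENIX Security Symposium},
  month        = aug,
  year         = {1999},
}

% Same paper as Dhamija:HIP, which gives May instead of July; both keys are
% kept because documents may cite either.
@inproceedings{Dhamija:HIPS,
  author       = {Rachna Dhamija and J. Doug Tygar},
  title        = {{Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks}},
  booktitle    = {Proceedings of the 2nd International Workshop on Human Interactive Proofs},
  location     = {Bethlehem, PA, United States},
  month        = jul,
  year         = {2005},
}

@misc{IF:AOLPasscode,
  author       = {{RSA Security, Inc.}},
  title        = {{America Online and RSA Security Launch AOL PassCode Premium Service}},
  howpublished = {Available at: \url{http://www.rsa.com/press_release.aspx?id=5033}},
}

@misc{IF:Passmark,
  author       = {{Passmark Security}},
  title        = {{Protecting Your Customers from Phishing Attacks: an Introduction to Passmarks}},
  howpublished = {Available at: \url{http://www.passmarksecurity.com/}},
}

@misc{IF:VISA,
  author       = {{VISA USA}},
  title        = {{Verified by VISA}},
  howpublished = {Available at: \url{https://usa.visa.com/personal/security/vbv/}},
}

@misc{IF:YURL,
  author       = {{Waterken}},
  title        = {{Trust Management for Humans}},
  howpublished = {Available at: \url{http://www.waterken.com/dev/YURL/Name/}},
}

@article{Zishuang:TPB,
  author       = {Zishuang (Eileen) Ye and Sean Smith and Denise Anthony},
  title        = {{Trusted Paths for Browsers}},
  journal      = {ACM Transactions on Information and System Security},
  volume       = {8},
  number       = {2},
  pages        = {153--186},
  year         = {2005},
}

@misc{Washington:SSL,
  author       = {Brian Krebs},
  title        = {{The New Face of Phishing}},
  howpublished = {Available at: \url{http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_1.html}},
}

@misc{NetCraft:SSL,
  author       = {{NetCraft LTD.}},
  title        = {{SSL's Credibility as Phishing Defense Is Tested}},
  howpublished = {Available at: \url{http://news.netcraft.com/archives/2004/03/08/ssls_credibility_as_phishing_defense_is_tested.html}},
}

@article{Engin:Protecting,
  author       = {Engin Kirda and Christopher Kr{\"u}gel},
  title        = {{Protecting Users against Phishing Attacks}},
  journal      = {Computer Journal},
  volume       = {49},
  number       = {5},
  pages        = {554--561},
  year         = {2006},
}

@inproceedings{Dinei:Password,
  author       = {Dinei A. F. Flor{\^e}ncio and Cormac Herley},
  title        = {{A large-scale study of web password habits}},
  booktitle    = {Proceedings of the 16th International Conference on World Wide Web},
  month        = may,
  year         = {2007},
}

@inproceedings{Dinei:Analysis,
  author       = {Dinei A. F. Flor{\^e}ncio and Cormac Herley},
  title        = {{Analysis and Improvement of Anti-Phishing Schemes}},
  booktitle    = {Proceedings of the IFIP TC-11 21st International Information Security Conference},
  month        = jul,
  year         = {2006},
}

@inproceedings{Dinei:Rescue,
  author       = {Dinei A. F. Flor{\^e}ncio and Cormac Herley},
  title        = {{Password Rescue: A New Approach to Phishing Prevention}},
  booktitle    = {Proceedings of the 1st USENIX Workshop on Hot Topics in Security},
  month        = jul,
  year         = {2006},
}

@inproceedings{Dinei:Evaluating,
  author       = {Dinei A. F. Flor{\^e}ncio and Cormac Herley},
  title        = {{Evaluating a trial deployment of password re-use for phishing prevention}},
  booktitle    = {Proceedings of the 2nd annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = oct,
  year         = {2007},
}

@inproceedings{Klaus:Protection,
  author       = {Klaus Pl{\"o}ssl and Hannes Federrath and Thomas Nowey},
  title        = {{Protection Mechanisms against Phishing Attacks}},
  booktitle    = {Proceedings of the 2nd International Conference on Trust, Privacy, and Security in Digital Business},
  month        = aug,
  year         = {2005},
}

@inproceedings{Blake:PwdHash,
  author       = {Blake Ross and Collin Jackson and Nick Miyake and Dan Boneh and John C. Mitchell},
  title        = {{Stronger Password Authentication Using Browser Extensions}},
  booktitle    = {Proceedings of the 14th USENIX Security Symposium},
  month        = jul,
  year         = {2005},
}

@inproceedings{Ari:Cookie,
  author       = {Ari Juels and Markus Jakobsson and Tom N. Jagatic},
  title        = {{Cache Cookies for Browser Authentication}},
  booktitle    = {Proceedings of 2006 IEEE Symposium on Security and Privacy},
  month        = may,
  year         = {2006},
}

@inproceedings{Kevin:Cookie,
  author       = {Kevin Fu and Emil Sit and Kendra Smith and Nick Feamster},
  title        = {{Dos and don'ts of client authentication on the web}},
  booktitle    = {Proceedings of the 10th USENIX Security Symposium},
  month        = aug,
  year         = {2001},
}

@techreport{Chris:Cookie,
  author       = {Chris Karlof and Umesh Shankar and J. Doug Tygar and David Wagner},
  title        = {{Locked cookies: Web authentication security against phishing, pharming, and active attacks}},
  institution  = {Electrical Engineering and Computer Sciences University of California at Berkeley},
  number       = {UCB/EECS-2007-25},
  month        = feb,
  year         = {2007},
}

@inbook{Dirk:PKI,
  author       = {Dirk Balfanz and Glenn Durfee and D. K. Smetters},
  title        = {{Making the impossible easy: Usable PKI}},
  chapter      = {16},
  pages        = {319--334},
  publisher    = {O'Reilly},
  year         = {2005},
}

@techreport{PeterD:PKI,
  author       = {Peter Doyle and Steve Hanna},
  title        = {{Analysis of June 2003 survey on obstacles to PKI deployment and usage}},
  institution  = {OASIS Public Key Infrastructure (PKI) Technical Committee (TC)},
  month        = aug,
  year         = {2003},
}

@inproceedings{PeterG:PKI,
  author       = {Peter Gutmann},
  title        = {{Plug-and-Play PKI: A PKI your Mother can Use}},
  booktitle    = {Proceedings of the 11th USENIX Security Symposium},
  month        = aug,
  year         = {2003},
}

% Review note (IPA:Mutual): same title as Yutaka:PAKE, but with a different
% fourth author, venue and year; confirm these are two distinct papers.
@inproceedings{IPA:Mutual,
  author       = {Yutaka Oiwa and Hiromitsu Takagi and Hajime Watanabe and Hideki Imai},
  title        = {{PAKE-based mutual HTTP authentication for preventing phishing attacks}},
  booktitle    = {Proceedings of the 2nd annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = oct,
  year         = {2007},
}

%
% Phishing Pervasive
%

@inproceedings{Cristine:Anatomy,
  author       = {Cristine E. Drake and Jonathan J. Oliver and Eugene J. Koontz},
  title        = {{Anatomy of a Phishing Email}},
  booktitle    = {Proceedings of the first Conference on Email and Anti-Spam},
  month        = jul,
  year         = {2004},
}

% "Securitry" corrected to "Security" in the institution name.
@techreport{Abhishek:Phishing,
  author       = {Abhishek Kumar},
  title        = {{Phishing - A new age weapon}},
  institution  = {Open Web Application Security Project},
  month        = jan,
  year         = {2005},
}

@techreport{Gregg:Phishing,
  author       = {Gregg Tally and Rshan Thomas and Tom Van Vleck},
  title        = {{Anti-Phishing: Best Practices for Institutions and Consumers}},
  institution  = {McAfee Research},
  month        = mar,
  year         = {2004},
}

@techreport{NGS:Phishing,
  author       = {Gunter Ollmann},
  title        = {{The Phishing Guide - Understanding \& Preventing Phishing Attacks}},
  institution  = {Next Generation Security Software Ltd.},
  month        = jun,
  year         = {2005},
}

@techreport{jason:trends:us-cert:2006,
  author       = {Jason Milletary},
  title        = {{Technical Trends in Phishing Attacks}},
  institution  = {{US-Cert}},
  month        = nov,
  year         = {2005},
}

% The workshop name was repeated inside the original booktitle
% ("... on the Internet on Steps to Reducing ..."); the repeat is removed.
@inproceedings{Mauro:HoneySpam,
  author       = {Mauro Andreolini and Alessandro Bulgarelli and Michele Colajanni and Francesca Mazzoni},
  title        = {{HoneySpam: honeypots fighting spam at the source}},
  booktitle    = {Proceedings of the Steps to Reducing Unwanted Traffic on the Internet Workshop},
  month        = aug,
  year         = {2005},
}

@techreport{Ari:Harvesting,
  author       = {Ari Schwartz},
  title        = {{Why Am I Getting All This Spam?}},
  institution  = {Center for Democracy \& Technology},
  month        = mar,
  year         = {2003},
}

@misc{Ben:IM,
  author       = {Ben Woelk},
  title        = {{RIT Information Security Advisory: Phone, E-mail, and IM/Social Networking Phishing Attacks}},
  howpublished = {Available at: \url{http://connect.educause.edu/files/RIT_Advisory_Msg2.pdf}},
}

% Was an inbook entry with a booktitle field, which that type ignores in
% classic BibTeX; incollection prints both the chapter and the book title.
% The author was double-braced like an organisation; it is a personal name.
% Review note: the page range 319--334 is the same as in Dirk:PKI; confirm.
@incollection{Douglas:IM,
  author       = {Douglas W. Frye},
  title        = {{Email, Instant Messaging and Phishing}},
  booktitle    = {{Network Security Policies and Procedures}},
  publisher    = {Springer US},
  volume       = {32},
  chapter      = {13},
  pages        = {319--334},
  year         = {2007},
}

@misc{AML:Software,
  author       = {{NetEconomy}},
  title        = {{AML Compliance Sale Table}},
  howpublished = {Available at: \url{http://www.neteconomy.com/amlcompliancesalestable.aspx?r=wikibs}},
}

@misc{AML:Cash,
  author       = {Hiroshi Asao},
  title        = {{Current situations of AML market}},
  howpublished = {Available at: \url{http://www.infoex.co.jp/english/profile/pdf/report070629.pdf}},
  month        = jun,
  year         = {2007},
}

%
%
%

@inproceedings{Yue:Phinding,
  author       = {Yue Zhang and Serge Egelman and Lorrie Cranor and Jason Hong},
  title        = {{Phinding Phish: Evaluating Anti-Phishing Tools}},
  booktitle    = {Proceedings of the 14th Annual Network and Distributed System Security Symposium},
  month        = feb,
  year         = {2007},
}

@inproceedings{Yue:Cantina,
  author       = {Yue Zhang and Jason Hong and Lorrie Cranor},
  title        = {{CANTINA: A Content-Based Approach to Detect Phishing Web Sites}},
  booktitle    = {Proceedings of the 16th World Wide Web Conference},
  month        = may,
  year         = {2007},
}

@inproceedings{Ian:Learning,
  author       = {Ian Fette and Norman M. Sadeh and Anthony Tomasic},
  title        = {{Learning to detect phishing emails}},
  booktitle    = {Proceedings of the 16th International Conference on World Wide Web},
  month        = may,
  year         = {2007},
}

@inproceedings{Saeed:Learning,
  author       = {Saeed Abu-Nimeh and Dario Nappa and Xinlei Wang and Suku Nair},
  title        = {{A Comparison of Machine Learning Techniques for Phishing Detection}},
  booktitle    = {Proceedings of the 2nd annual Anti-Phishing Working Groups eCrime Researchers Summit},
  month        = oct,
  year         = {2007},
}

@article{Ram:Learning,
  author       = {Ram Basnet and Srinivas Mukkamala and Andrew H. Sung},
  title        = {{Detection of Phishing Attacks: A Machine Learning Approach}},
  journal      = {Studies in Fuzziness and Soft Computing},
  volume       = {226},
  pages        = {373--383},
  year         = {2008},
}

% The conference name was repeated inside the original booktitle
% ("... Conference on Annual Computer Security ..."); the repeat is removed.
@inproceedings{Ying:Learning,
  author       = {Ying Pan and Xuhua Ding},
  title        = {{Anomaly Based Web Phishing Page Detection}},
  booktitle    = {Proceedings of the 22nd Annual Computer Security Applications Conference},
  month        = sep,
  year         = {2006},
}

@inproceedings{Thomas:Robust,
  author       = {Thomas A. Phelps and Robert Wilensky},
  title        = {{Robust Hyperlinks: Cheap, Everywhere, Now}},
  booktitle    = {Proceedings of the 8th International Conference on Digital Documents and Electronic Publishing, the 5th International Workshop on the Principles of Digital Document Processing},
  month        = sep,
  year         = {2000},
}

@misc{URL:3sharp,
  author       = {Paul Robichaux and Devin L. Ganger},
  title        = {{Gone Phishing: Evaluating Anti-Phishing Tools for Windows}},
  howpublished = {Available at: \url{http://www.3sharp.com/projects/antiphishing/gone-phishing.pdf}},
}

@misc{DNS:Cache,
  author       = {{US-CERT}},
  title        = {{Multiple DNS implementations vulnerable to cache poisoning}},
  howpublished = {Available at: \url{http://www.kb.cert.org/vuls/id/800113}},
  month        = jul,
  year         = {2008},
}

@misc{Symantec:Pharming,
  author       = {{Symantec}},
  title        = {{Drive-By Pharming: How Clicking on a Link Can Cost You Dearly}},
  howpublished = {Available at: \url{http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html}},
  month        = feb,
  year         = {2007},
}

@misc{apwg-trend-report:q1:2008,
  author       = {{Anti-Phishing Working Group}},
  title        = {{Phishing Activity Trends Report - Q1, 2008}},
  howpublished = {Available at: \url{http://www.apwg.com/reports/apwg_report_Q1_2008.pdf}},
  month        = aug,
  year         = {2008},
}

@misc{phishtank,
  author       = {{OpenDNS}},
  title        = {{PhishTank - Join the fight against phishing}},
  howpublished = {Available at: \url{http://www.phishtank.com}},
}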
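% Web and vendor sources, analyst press releases and one book.
% Organisations used as authors are wrapped in an extra brace pair so they
% are not split into first/last name parts; month uses the standard
% three-letter macros. Lines starting with "%" sit outside any entry and are
% ignored by BibTeX.

@misc{opendns,
  author       = {{OpenDNS}},
  title        = {{Providing A Safer And Faster Internet}},
  howpublished = {Available at: \url{http://www.opendns.com}},
}

@misc{apwg,
  author       = {{Anti Phishing Working Group}},
  title        = {{APWG: Committed to Wiping Out Internet Scams and Fraud}},
  howpublished = {Available at: \url{http://www.apwg.com}},
}

% The original entry had no comma after the citation key and none after the
% howpublished field, which is a syntax error that can also disturb the
% parsing of the entries that follow. Both separators are restored. The
% title is double-braced like the other titles in this file so that its
% capitalisation survives sentence-casing styles.
@misc{Dragos:Blog,
  author       = {{Dragos Lungu Dot Com}},
  title        = {{Phish Tank vs. Anti-Phishing Working Group}},
  howpublished = {Available at: \url{http://www.dragoslungu.com/2007/05/17/phishtank-vs-anti-phishing-working-group/}},
  month        = jul,
  year         = {2007},
}

%
% Phishing report by gartner
%

@misc{Gartner:2005,
  author       = {Tom McCall and Radley Moss},
  title        = {{Gartner Survey Shows Frequent Data Security Lapses and Increased Cyber Attacks Damage Consumer Trust in Online Commerce}},
  howpublished = {Available at: \url{http://www.gartner.com/press_releases/asset_129754_11.html}},
  month        = jun,
  year         = {2005},
}

@misc{Gartner:2007,
  author       = {Tom McCall},
  title        = {{Gartner Survey Shows Phishing Attacks Escalated in 2007; More than \$3 Billion Lost to These Attacks}},
  howpublished = {Available at: \url{http://www.gartner.com/it/page.jsp?id=565125}},
  month        = dec,
  year         = {2007},
}

@misc{PhishingEmail:Paypal,
  author       = {{MillerSmiles.co.uk}},
  title        = {{PayPal Phishing Scams}},
  howpublished = {Available at: \url{http://www.millersmiles.co.uk/report/8221}},
}

% Review note (Robert:Influence): the original entry had two year fields,
% 1981 near the top and 2001 directly after edition = 4th. A field may occur
% only once per entry, so one had to go; 2001 is kept because it was entered
% together with the edition, and 1981 is dropped. The title still ends in
% "2nd Edition", which disagrees with edition = 4th. Confirm year, edition
% and title against the copy that was actually cited.
@book{Robert:Influence,
  author       = {Robert B. Cialdini},
  title        = {{Influence: Science and Practice, 2nd Edition}},
  publisher    = {Allyn \& Bacon},
  edition      = {4th},
  year         = {2001},
}

@misc{Blocking:Bluecoat,
  author       = {{Blue Coat Systems, Inc.}},
  title        = {{spyware prevention - Blue Coat Systems. Inc. - proxy servers}},
  howpublished = {Available at: \url{http://www.bluecoat.com/}},
}

@misc{Blocking:Trafficshield,
  author       = {{F5 Networks, Inc.}},
  title        = {{TrafficShield Application Firewall}},
  howpublished = {Available at: \url{http://www.f5.com/f5products/products/TrafficShield/}},
}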