Title :
Fighting Phishing with Trusted Email
Author :
Crain, Jordan ; Opyrchal, Lukasz ; Prakash, Atul
Author_Institution :
Miami Univ., Oxford, OH, USA
Abstract :
Phishing is the combination of social engineering and technical exploits designed to convince a victim to provide personal information, usually for the monetary gain of the attacker (phisher). Attempts to stop phishing by preventing a user from interacting with a malicious web site have been shown to be ineffective. We introduce a method to aid in the prevention of phishing by combining automatic and transparent email signing with an email client plugin. The plugin can detect unsigned spoofed messages. In this manner, the user is prevented (or at least discouraged) from visiting malicious web sites, thus stopping the data-gathering phase of the phishing attack before it begins. We describe the system, implementation, weaknesses, and our ongoing user experiments.
Keywords :
computer crime; data privacy; unsolicited e-mail; email client plugin; phishing; social engineering; technical exploits; trusted email; Availability; Design engineering; Electronic mail; Information security; Internet; Privacy; Reliability engineering; State estimation; Target recognition; Viruses (medical); email; phishing; privacy; spam;
Conference_Title :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
DOI :
10.1109/ARES.2010.98