Phishing within e-commerce: A trust and confidence game

Authors: Greg Megaw, Stephen V. Flowerday

DOI: 10.1109/ISSA.2010.5588333

Keywords: Phishing; E-commerce; The Internet; Network security; Electronic mail; Computer science; Authentication; Computer security; Vulnerability (computing); Email authentication; Internet privacy

Abstract: E-Commerce has been plagued with problems since its inception and this paper examines one of these problems: the lack of user trust in E-commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and advancement of technology has not only benefitted honest Internet users, but has enabled criminals to increase their effectiveness, which has caused considerable damage to this budding area of commerce. Moreover, it negatively impacted on both online business, breaking down relationship between them. In an attempt to explore the problem, the following was considered: firstly, e-commerce's vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within e-commerce are identified, that, weakness. Secondly, methods techniques used such as emails, websites addresses, distributed attacks redirected well data that phishers seek obtain, is examined. Furthermore, way reduce turn users explored. Here importance Trust Uncertainty Reduction Theory plus fine balance control Finally, presents Critical Success Factors aid prevention control, being: User Authentication, Website Email Data Cryptography, Communication, Active Risk Mitigation.
