Efficacy of Anti-phishing Measures and Strategies - A Research Analysis
Statistics indicate that more than 1000 phishing attacks are launched every month. With 57 million people hit by the fraud so far in America alone, how do we combat phishing?This publication aims to discuss strategies in the war against Phishing. This study is an examination of the analysis and critique found in the ways adopted at various levels to counter the crescendo of phishing attacks and new techniques being adopted for the same. An analysis of the measures taken up by the varied popular Mail servers and popular browsers is done under this study. This work intends to increase the understanding and awareness of the internet user across the globe and even discusses plausible countermeasures at the users as well as the developers end. This conceptual paper will contribute to future research on similar topics.
[1] Wikipedia "The Free Encyclopedia".
http://en.wikipedia.org/wiki/Phishing. Accessed: April 25, 2010
[2] Anti Phishing Working Group "Global Phishing Survey: Trends and
Domain Name Use in 2H2009" page. 4-5, Spring Edition, May 2010.
http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_2H
2009.pdf. Accessed: June 9, 2010
[3] Anti Phishing Working Group "Phishing Activity Trends Report, 4th
Quarter 2009" page. 4, October - December 2009.
http://www.antiphishing.org/reports/apwg_report_Q4_2009.pdf.
Accessed: June 9, 2010
[4] Personalized Sign-In Seal - Yahoo Inc. https://protect.login.yahoo.com.
Accessed: May 2, 2010
[5] How do I create a sign-in seal? - Yahoo Inc.
http://help.yahoo.com/l/us/yahoo/edit/privacy/edit-41.html. Accessed:
June 5, 2010
[6] Sign in to Yahoo! - Yahoo Mail Homepage.
https://login.yahoo.com/config/login_verify2?&.src=ym. Accessed: May
15, 2010
[7] Naveen Agarwal, Scott Renfro, Arturo Bejar - Yahoo Inc "Yahoo!'s
sign-in seal and current anti-phishing solutions" page 3, Published :
May 24, Oakland, California, W2SP 2007: Web 2.0 Security and
Privacy 2007., in press. http://w2spconf.com/2007/papers/paper-190-
z_1282.pdf. Accessed: May 22, 2010
[8] DomainKeys help detect forged email - Yahoo Inc.
http://help.yahoo.com/l/us/yahoo/mail/classic/context/context-07.html.
Accessed: June 13, 2010
[9] CertifiedEmail, managed by Goodmail Systems - Yahoo Inc.
http://antispam.yahoo.com/certifiedemail. Accessed: June 3, 2010
[10] Google Upgrades Gmail - PC World.
http://www.pcworld.com/article/118567/google_upgrades_gmail.html.
Accessed: July 7, 2010
[11] Gmail preventing Phishing ! - Blog by Arjun Prabhu.
http://www.arjunprabhu.com/blog/archives/2005/03/03/gmailpreventing-
phishing. Accessed: July 9, 2010
[12] Spice up your inbox with colors and themes, Posted by Annie Chen,
Gmail engineer - The Official Gmail Blog.
http://gmailblog.blogspot.com/2008/11/spice-up-your-inbox-withcolors-
and.html. Accessed: May 12, 2010
[13] The super-trustworthy, anti-phishing key, Posted by Brad Taylor, Gmail
Spam Czar - The Official Gmail Blog.
http://gmailblog.blogspot.com/2009/07/new-in-labs-super-trustworthyanti.
html. Accessed: May 17, 2010
[14] Choosing a smart password, Posted by Michael Santerre, Consumer
Operations Associate - The Official Gmail Blog.
http://gmailblog.blogspot.com/2009/10/choosing-smart-password.html.
Accessed: June 13, 2010
[15] Microsoft Adds New Spam Filtering Technology Across E-Mail
Platforms - Microsoft News Center.
http://www.microsoft.com/presspass/features/2003/nov03/11-
17spamfilter.mspx. Accessed: June 22, 2010
[16] Fighting Junk E-Mail : Hotmail Filters - Windows Live.
http://mail.live.com/mail/junkemail.aspx. Accessed: June 19, 2010
[17] Don't Let Your Company Get Hooked by Phishing - Microsoft
Corporation.
http://www.microsoft.com/mscorp/safety/technologies/antiphishing/guid
ance.mspx. Accessed: June 15, 2010
[18] Sender ID Framework - Microsoft Corporation.
http://www.microsoft.com/mscorp/safety/technologies/senderid/default.
mspx. Accessed: June 18, 2010
[19] Homepage - Rediff.com. http://www.rediffmail.com. Accessed: July 16,
2010
[20] Microsoft Phishing Filter at a Glance - Microsoft Corporation.
http://www.microsoft.com/mscorp/safety/technologies/antiphishing/at_g
lance.mspx. Accessed: July 12, 2010
[21] Anti-phishing White Paper - Microsoft Corporation.
http://www.microsoft.com/downloads/details.aspx?FamilyId=B4022C66
-99BC-4A30-9ECC-8BDEFCF0501D&displaylang=en. Accessed: July
17, 2010
[22] Microsoft's Approach to Anti-Phishing - Microsoft Corporation.
http://www.microsoft.com/mscorp/safety/technologies/antiphishing/visio
n.mspx. Accessed: July 18, 2010
[23] Google Safe Browsing - Add-ons for Firefox.
http://www.google.com/tools/firefox/safebrowsing/. Accessed: July 6,
2010
[24] FirePhish Anti-Phishing Extension - Add-ons for Firefox.
https://addons.mozilla.org/en-US/firefox/addon/2366/. Accessed: July
15, 2010
[25] Opera Fraud and Malware Protection - Opera Software ASA.
http://www.opera.com/docs/fraudprotection. Accessed: July 15, 2010
[26] Opera Introduces Fraud Protection, Powered by GeoTrust and
PhishTank - Opera Software ASA. Accessed: July 16, 2010
[27] Malware protection - Opera Software ASA.
http://my.opera.com/desktopteam/blog/2008/06/06/malware-protection.
Accessed: July 16, 2010
[28] Security settings: Phishing and malware detection - Google Chrome
Help.
http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=
99020. Accessed: August 5, 2010
[29] Database for information on phishing sites reported by the public -
PhishTank. http://www.phishtank.com/. Accessed: July 18, 2010
[30] Phishing Alerts - FraudWatch International.
http://www.fraudwatchinternational.com/phishing/index.php. Accessed:
July 19, 2010
[31] Anti-Phishing Toolbar - Netcraft. http://toolbar.netcraft.com/.
Accessed: June 20, 2010
[32] Phishing Filter Add-in for MSN Search Toolbar - Microsoft
Corporation.
http://www.microsoft.com/mscorp/safety/technologies/antiphishing/at_g
lance.mspx. Accessed: June 21, 2010
[33] ScamBlocker Toolbar - Earthlink.
http://www.earthlink.net/partners/sprint/software/toolbar/. Accessed:
June 28, 2010
[34] TrustWatch anti-phishing service - Geotrust.
http://www.geotrust.com/comcasttoolbar/. Accessed: June 27, 2010
[35] Anti - Fraud Toolbar - Cloudmark.
http://www.cloudmark.com/en/home.html. Accessed: June 30, 2010
[36] Lorrie Cranor, Serge Egelman, Jason Hong, and Yue Zhang "Phinding
phish: An evaluation of anti-phishing toolbars". The 14th Annual
Network & Distributed System Security (NDSS) Symposium 2007 - San
Diego, CA - 28th February - 2nd March., in press.
http://www.isoc.org/isoc/conferences/ndss/07/papers/phinding_phish.pd
f. Accessed: August 11, 2010.
[37] Anti Phishing Working Group "Consumer Advice: How to Avoid
Phishing Scams". http://www.antiphishing.org/consumer_recs.html.
Accessed: June 28,, 2010
[38] Mitesh Bargadiya, Vijay Chaudhari, Mohd. Ilyas Khan, Bhupendra
Verma "The Web Identity Prevention: Factors to consider in the antiphishing
design", Vol. 2(7), 2010, 2807-2812, pp. 2811, ISSN: 0975-
5462., in press. http://www.ijest.info/docs/IJEST10-02-07-67.pdf.
Accessed: August 1, 2010
[39] TrustedSource.org, PhishRegistry.org and SpamArchive.org, Secure
Computing Research Portal - CipherTrust.
http://research.ciphertrust.com/. Accessed: August 16, 2010
[40] MakeAlert "Trademark and brand protection for domain names" -
Domain Tools. http://www.domaintools.com/mark-alert/. Accessed: July
12, 2010
[41] Advanced Search - Google.
http://www.google.co.in/advanced_search?hl=en. Accessed: August 19,
2010
[42] KeyScrambler - QFX Software. http://www.qfxsoftware.com/.
Accessed: August 24, 2010
[1] Wikipedia "The Free Encyclopedia".
http://en.wikipedia.org/wiki/Phishing. Accessed: April 25, 2010
[2] Anti Phishing Working Group "Global Phishing Survey: Trends and
Domain Name Use in 2H2009" page. 4-5, Spring Edition, May 2010.
http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_2H
2009.pdf. Accessed: June 9, 2010
[3] Anti Phishing Working Group "Phishing Activity Trends Report, 4th
Quarter 2009" page. 4, October - December 2009.
http://www.antiphishing.org/reports/apwg_report_Q4_2009.pdf.
Accessed: June 9, 2010
[4] Personalized Sign-In Seal - Yahoo Inc. https://protect.login.yahoo.com.
Accessed: May 2, 2010
[5] How do I create a sign-in seal? - Yahoo Inc.
http://help.yahoo.com/l/us/yahoo/edit/privacy/edit-41.html. Accessed:
June 5, 2010
[6] Sign in to Yahoo! - Yahoo Mail Homepage.
https://login.yahoo.com/config/login_verify2?&.src=ym. Accessed: May
15, 2010
[7] Naveen Agarwal, Scott Renfro, Arturo Bejar - Yahoo Inc "Yahoo!'s
sign-in seal and current anti-phishing solutions" page 3, Published :
May 24, Oakland, California, W2SP 2007: Web 2.0 Security and
Privacy 2007., in press. http://w2spconf.com/2007/papers/paper-190-
z_1282.pdf. Accessed: May 22, 2010
[8] DomainKeys help detect forged email - Yahoo Inc.
http://help.yahoo.com/l/us/yahoo/mail/classic/context/context-07.html.
Accessed: June 13, 2010
[9] CertifiedEmail, managed by Goodmail Systems - Yahoo Inc.
http://antispam.yahoo.com/certifiedemail. Accessed: June 3, 2010
[10] Google Upgrades Gmail - PC World.
http://www.pcworld.com/article/118567/google_upgrades_gmail.html.
Accessed: July 7, 2010
[11] Gmail preventing Phishing ! - Blog by Arjun Prabhu.
http://www.arjunprabhu.com/blog/archives/2005/03/03/gmailpreventing-
phishing. Accessed: July 9, 2010
[12] Spice up your inbox with colors and themes, Posted by Annie Chen,
Gmail engineer - The Official Gmail Blog.
http://gmailblog.blogspot.com/2008/11/spice-up-your-inbox-withcolors-
and.html. Accessed: May 12, 2010
[13] The super-trustworthy, anti-phishing key, Posted by Brad Taylor, Gmail
Spam Czar - The Official Gmail Blog.
http://gmailblog.blogspot.com/2009/07/new-in-labs-super-trustworthyanti.
html. Accessed: May 17, 2010
[14] Choosing a smart password, Posted by Michael Santerre, Consumer
Operations Associate - The Official Gmail Blog.
http://gmailblog.blogspot.com/2009/10/choosing-smart-password.html.
Accessed: June 13, 2010
[15] Microsoft Adds New Spam Filtering Technology Across E-Mail
Platforms - Microsoft News Center.
http://www.microsoft.com/presspass/features/2003/nov03/11-
17spamfilter.mspx. Accessed: June 22, 2010
[16] Fighting Junk E-Mail : Hotmail Filters - Windows Live.
http://mail.live.com/mail/junkemail.aspx. Accessed: June 19, 2010
[17] Don't Let Your Company Get Hooked by Phishing - Microsoft
Corporation.
http://www.microsoft.com/mscorp/safety/technologies/antiphishing/guid
ance.mspx. Accessed: June 15, 2010
[18] Sender ID Framework - Microsoft Corporation.
http://www.microsoft.com/mscorp/safety/technologies/senderid/default.
mspx. Accessed: June 18, 2010
[19] Homepage - Rediff.com. http://www.rediffmail.com. Accessed: July 16,
2010
[20] Microsoft Phishing Filter at a Glance - Microsoft Corporation.
http://www.microsoft.com/mscorp/safety/technologies/antiphishing/at_g
lance.mspx. Accessed: July 12, 2010
[21] Anti-phishing White Paper - Microsoft Corporation.
http://www.microsoft.com/downloads/details.aspx?FamilyId=B4022C66
-99BC-4A30-9ECC-8BDEFCF0501D&displaylang=en. Accessed: July
17, 2010
[22] Microsoft's Approach to Anti-Phishing - Microsoft Corporation.
http://www.microsoft.com/mscorp/safety/technologies/antiphishing/visio
n.mspx. Accessed: July 18, 2010
[23] Google Safe Browsing - Add-ons for Firefox.
http://www.google.com/tools/firefox/safebrowsing/. Accessed: July 6,
2010
[24] FirePhish Anti-Phishing Extension - Add-ons for Firefox.
https://addons.mozilla.org/en-US/firefox/addon/2366/. Accessed: July
15, 2010
[25] Opera Fraud and Malware Protection - Opera Software ASA.
http://www.opera.com/docs/fraudprotection. Accessed: July 15, 2010
[26] Opera Introduces Fraud Protection, Powered by GeoTrust and
PhishTank - Opera Software ASA. Accessed: July 16, 2010
[27] Malware protection - Opera Software ASA.
http://my.opera.com/desktopteam/blog/2008/06/06/malware-protection.
Accessed: July 16, 2010
[28] Security settings: Phishing and malware detection - Google Chrome
Help.
http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=
99020. Accessed: August 5, 2010
[29] Database for information on phishing sites reported by the public -
PhishTank. http://www.phishtank.com/. Accessed: July 18, 2010
[30] Phishing Alerts - FraudWatch International.
http://www.fraudwatchinternational.com/phishing/index.php. Accessed:
July 19, 2010
[31] Anti-Phishing Toolbar - Netcraft. http://toolbar.netcraft.com/.
Accessed: June 20, 2010
[32] Phishing Filter Add-in for MSN Search Toolbar - Microsoft
Corporation.
http://www.microsoft.com/mscorp/safety/technologies/antiphishing/at_g
lance.mspx. Accessed: June 21, 2010
[33] ScamBlocker Toolbar - Earthlink.
http://www.earthlink.net/partners/sprint/software/toolbar/. Accessed:
June 28, 2010
[34] TrustWatch anti-phishing service - Geotrust.
http://www.geotrust.com/comcasttoolbar/. Accessed: June 27, 2010
[35] Anti - Fraud Toolbar - Cloudmark.
http://www.cloudmark.com/en/home.html. Accessed: June 30, 2010
[36] Lorrie Cranor, Serge Egelman, Jason Hong, and Yue Zhang "Phinding
phish: An evaluation of anti-phishing toolbars". The 14th Annual
Network & Distributed System Security (NDSS) Symposium 2007 - San
Diego, CA - 28th February - 2nd March., in press.
http://www.isoc.org/isoc/conferences/ndss/07/papers/phinding_phish.pd
f. Accessed: August 11, 2010.
[37] Anti Phishing Working Group "Consumer Advice: How to Avoid
Phishing Scams". http://www.antiphishing.org/consumer_recs.html.
Accessed: June 28,, 2010
[38] Mitesh Bargadiya, Vijay Chaudhari, Mohd. Ilyas Khan, Bhupendra
Verma "The Web Identity Prevention: Factors to consider in the antiphishing
design", Vol. 2(7), 2010, 2807-2812, pp. 2811, ISSN: 0975-
5462., in press. http://www.ijest.info/docs/IJEST10-02-07-67.pdf.
Accessed: August 1, 2010
[39] TrustedSource.org, PhishRegistry.org and SpamArchive.org, Secure
Computing Research Portal - CipherTrust.
http://research.ciphertrust.com/. Accessed: August 16, 2010
[40] MakeAlert "Trademark and brand protection for domain names" -
Domain Tools. http://www.domaintools.com/mark-alert/. Accessed: July
12, 2010
[41] Advanced Search - Google.
http://www.google.co.in/advanced_search?hl=en. Accessed: August 19,
2010
[42] KeyScrambler - QFX Software. http://www.qfxsoftware.com/.
Accessed: August 24, 2010
@article{"International Journal of Information, Control and Computer Sciences:54680", author = "Gundeep Singh Bindra", title = "Efficacy of Anti-phishing Measures and Strategies - A Research Analysis", abstract = "Statistics indicate that more than 1000 phishing attacks are launched every month. With 57 million people hit by the fraud so far in America alone, how do we combat phishing?This publication aims to discuss strategies in the war against Phishing. This study is an examination of the analysis and critique found in the ways adopted at various levels to counter the crescendo of phishing attacks and new techniques being adopted for the same. An analysis of the measures taken up by the varied popular Mail servers and popular browsers is done under this study. This work intends to increase the understanding and awareness of the internet user across the globe and even discusses plausible countermeasures at the users as well as the developers end. This conceptual paper will contribute to future research on similar topics.
", keywords = "Anti-phishing, countermeasures, effectiveness, fake pages, security analysis.", volume = "4", number = "9", pages = "1404-7", }
