Abstract

This chapter surveys phishing attacks and their countermeasures. We first examine the underlying ecosystem that facilitates these attacks. We then describe in some detail the techniques phishers use, the kinds of brands they target, and variations on traditional attacks. Finally, we describe several proposed countermeasures to phishing attacks and their relative merits.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Ramzan, Z. (2010). Phishing Attacks and Countermeasures. In: Stavroulakis, P., Stamp, M. (eds) Handbook of Information and Communication Security. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04117-4_23

  • DOI: https://doi.org/10.1007/978-3-642-04117-4_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04116-7

  • Online ISBN: 978-3-642-04117-4

  • eBook Packages: Engineering, Engineering (R0)
