Jakobsson, Markus / Myers, Steven (eds.): Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft
1st Edition, January 2007. 59.90 Euro. 736 pages, hardcover. Practical Approach Book. ISBN-10: 0-471-78245-9, ISBN-13: 978-0-471-78245-2. John Wiley & Sons.
Short description
Phishing and Countermeasures discusses how and why phishing is a threat, and presents effective countermeasures. Educating readers on how phishing attacks have been mounting over the years and on how to detect and prevent current as well as future attacks, this text focuses on the corporations that supply the resources used by attackers. The authors subsequently deliberate on what action the government can take to respond to this situation and compare adequate versus inadequate countermeasures.
From the contents
Preface.
Acknowledgements.
1. Introduction to Phishing.
1.1 What is Phishing?
1.2 A Brief History of Phishing.
1.3 The Costs to Society of Phishing.
1.4 A Typical Phishing Attack.
1.5 Evolution of Phishing.
1.6 Case Study: Phishing on Froogle.
1.7 Protecting Users from Phishing.
References.
2. Phishing Attacks: Information Flow and Chokepoints.
2.1 Types of Phishing Attacks.
2.2 Technology, Chokepoints and Countermeasures.
References.
3. Spoofing and Countermeasures.
3.1 Email Spoofing.
3.2 IP Spoofing.
3.3 Homograph Attacks Using Unicode.
3.4 Simulated Browser Attack.
3.5 Case Study: Warning the User About Active Web Spoofing.
References.
4. Pharming and Client Side Attacks.
4.1 Malware.
4.2 Malware Defense Strategies.
4.3 Pharming.
4.4 Case Study: Pharming with Appliances.
4.5 Case Study: Race-Pharming.
References.
5. Status Quo Security Tools.
5.1 An Overview of Anti-Spam Techniques.
5.2 Public Key Cryptography and its Infrastructure.
5.3 SSL Without a PKI.
5.4 Honeypots.
References.
6. Adding Context to Phishing Attacks: Spear Phishing.
6.1 Overview of Context Aware Phishing.
6.2 Modeling Phishing Attacks.
6.3 Case Study: Automated Trawling for Public Private Data.
6.4 Case Study: Using Your Social Network Against You.
6.5 Case Study: Browser Recon Attacks.
6.6 Case Study: Using the Autofill feature in Phishing.
6.7 Case Study: Acoustic Keyboard Emanations.
References.
7. Human-Centered Design Considerations.
7.1 Introduction: The Human Context of Phishing and Online Security.
7.2 Understanding and Designing for Users.
7.3 Mis-Education.
References.
8. Passwords.
8.1 Traditional Passwords.
8.2 Case Study: Phishing in Germany.
8.3 Security Questions as Password Reset Mechanisms.
8.4 One-Time Password Tokens.
References.
9. Mutual Authentication and Trusted Pathways.
9.1 The Need for Reliable Mutual Authentication.
9.2 Password Authenticated Key Exchange.
9.3 Delayed Password Disclosure.
9.4 Trusted Path: How To Find Trust in an Unscrupulous World.
9.5 Dynamic Security Skins.
9.6 Browser Enhancements for Preventing Phishing.
References.
10. Biometrics and Authentication.
10.1 Biometrics.
10.2 Hardware Tokens for Authentication and Authorization.
10.3 Trusted Computing Platforms and Secure Operating Systems.
10.4 Secure Dongles and PDAs.
10.5 Cookies for Authentication.
10.6 Lightweight Email Signatures.
References.
11. Making Takedown Difficult.
11.1 Detection and Takedown.
References.
12. Protecting Browser State.
12.1 Client-Side Protection of Browser State.
12.2 Server-Side Protection of Browser State.
References.
13. Browser Toolbars.
13.1 Browser-Based Anti-Phishing Tools.
13.2 Do Browser Toolbars Actually Prevent Phishing?
References.
14. Social Networks.
14.1 The Role of Trust Online.
14.2 Existing Solutions for Securing Trust Online.
14.3 Case Study: "Net Trust".
14.4 The Risk of Social Networks.
References.
15. Microsoft's Anti-Phishing Technologies and Tactics.
15.1 Cutting The Bait: SmartScreen Detection of Email Spam and Scams.
15.2 Cutting The Hook: Dynamic Protection Within the Web Browser.
15.3 Prescriptive Guidance and Education for Users.
15.4 Ongoing Collaboration, Education and Innovation.
References.
16. Using S/MIME.
16.1 Secure Electronic Mail: A Brief History.
16.2 Amazon.com's Experience with S/MIME.
16.3 Signatures Without Sealing.
16.4 Conclusions and Recommendations.
References.
17. Experimental Evaluation of Attacks and Countermeasures.
17.1 Behavioral Studies.
17.2 Case Study: Attacking eBay Users with Queries.
17.3 Case Study: Signed Applets.
17.4 Case Study: Ethically Studying Man in the Middle.
17.5 Legal Considerations in Phishing Research.
17.6 Case Study: Designing and Conducting Phishing Experiments.