Author:
Hicham Tout
Affiliation:
Nova Southeastern University, United States
Keyword(s):
Phishing, Spam, Information security, Identity theft, Social engineering, Encryption, Hash algorithms, One time password, Digital certificates, Online scams, Web, Pharming.
Related Ontology Subjects/Areas/Topics:
Identification, Authentication and Non-Repudiation; Information and Systems Security; Phishing, Adfraud, Malware, and Countermeasures; Security in Information Systems; Security Information Systems Architecture and Design and Security Patterns
Abstract:
Phishing is a social engineering technique used to fraudulently acquire sensitive information from users by masquerading as a legitimate entity. One of the primary goals of phishing is to carry out fraudulent financial transactions on behalf of users. The two primary vulnerabilities exploited by phishers are the inability of non-technical or unsophisticated users to reliably identify spoofed emails or Web sites, and the relative ease with which phishers masquerade as legitimate Web sites. This paper presents Phishpin, an approach that leverages the concepts of mutual authentication to require online entities to prove their identities. To this end, Phishpin builds on One-Time-Password, DNS, partial credentials sharing, and client filtering to prevent phishers from masquerading as legitimate online entities.
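To make the mutual-authentication idea in the abstract concrete, here is an added illustration that is not Phishpin's own protocol and not code from the paper: a generic challenge/response exchange in which the site must first prove knowledge of a per-user shared secret (standing in for the abstract's "partial credential") before the client releases a one-time password. The message layout, the names (`LegitimateServer`, `SpoofedServer`, `Client`, `site_key`) and the sample user data are all assumptions constructed for the example; the OTP is standard RFC 4226 HOTP.

```python
"""Added illustration (not Phishpin's own protocol): the site proves it holds a
per-user shared secret ('partial credential') before the client sends an OTP.
Names, message layout and sample data are assumptions for this example."""
import hashlib
import hmac
import secrets
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def server_proof(site_key: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Value only a site that really holds site_key can compute for this login attempt."""
    return hmac.new(site_key, b"server-proof" + client_nonce + server_nonce, hashlib.sha256).digest()


class LegitimateServer:
    """Stores each user's partial credential (site_key) and OTP seed (constructed sample data)."""

    def __init__(self):
        self.users = {}  # username -> {"site_key", "otp_seed", "counter"}

    def register(self, username: str, site_key: bytes, otp_seed: bytes) -> None:
        self.users[username] = {"site_key": site_key, "otp_seed": otp_seed, "counter": 0}

    def begin(self, username: str, client_nonce: bytes):
        """Step 1: answer the client's nonce with our own nonce plus a proof over both."""
        server_nonce = secrets.token_bytes(16)
        user = self.users.get(username)
        if user is None:
            # Unknown user: return a random 'proof' so a probe cannot enumerate accounts.
            return server_nonce, secrets.token_bytes(32)
        return server_nonce, server_proof(user["site_key"], client_nonce, server_nonce)

    def finish(self, username: str, otp: str) -> bool:
        """Step 2: accept the OTP only for the current counter, then advance it."""
        user = self.users.get(username)
        if user is None:
            return False
        expected = hotp(user["otp_seed"], user["counter"])
        if hmac.compare_digest(expected, otp):
            user["counter"] += 1
            return True
        return False


class SpoofedServer:
    """A look-alike site: it knows the username but never received site_key."""

    def begin(self, username: str, client_nonce: bytes):
        return secrets.token_bytes(16), secrets.token_bytes(32)  # a guess, not a proof

    def finish(self, username: str, otp: str) -> bool:
        return True  # would 'accept' anything in the hope of harvesting the code


class Client:
    """User side: verifies the site's proof before releasing a one-time password."""

    def __init__(self, username: str, site_key: bytes, otp_seed: bytes):
        self.username, self.site_key, self.otp_seed, self.counter = username, site_key, otp_seed, 0

    def login(self, site) -> str:
        client_nonce = secrets.token_bytes(16)
        server_nonce, proof = site.begin(self.username, client_nonce)
        expected = server_proof(self.site_key, client_nonce, server_nonce)
        if not hmac.compare_digest(expected, proof):
            return "server-unverified"  # release nothing: the site failed to prove itself
        otp = hotp(self.otp_seed, self.counter)
        self.counter += 1
        return "ok" if site.finish(self.username, otp) else "rejected"


def demo():
    """Run one genuine login, one attempt against a spoofed site, then a genuine login again."""
    site_key, otp_seed = secrets.token_bytes(32), secrets.token_bytes(20)  # constructed secrets
    real = LegitimateServer()
    real.register("alice", site_key, otp_seed)
    alice = Client("alice", site_key, otp_seed)
    return alice.login(real), alice.login(SpoofedServer()), alice.login(real)


if __name__ == "__main__":
    print(demo())
```

The point of the design is the ordering: the client never computes or transmits its one-time password until the site has answered a fresh challenge with a MAC keyed by the shared partial credential, so a spoofed site that knows only the username receives nothing it can replay. Real deployments would carry this exchange over TLS and add a look-ahead window for HOTP counter drift; both are left out to keep the flow visible.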