A defense-in-depth approach to phishing

Authors
Barnes, David S.
Advisors
Martell, Craig H.
Rowe, Neil C.
Date of Issue
2006-09
Publisher
Monterey, California. Naval Postgraduate School
Abstract
Phishing is a form of crime in which identity theft is accomplished by use of deceptive electronic mail and a fake site on the World Wide Web. Phishing threatens financial institutions, retail companies, and consumers daily, and phishers remain successful by researching anti-phishing countermeasures and adapting their attack methods to the countermeasures, either to exploit them or to circumvent them completely. An effective solution to phishing requires a multi-faceted defense strategy. We propose a model for phishing. We report on a survey we conducted of user detection of phishing. We also report on experiments to assess the success of automated methods for assessing clues to phishing email. We present recommendations for a defense-in-depth strategy to prevent phishing.
Type
Thesis
Department
Department of Computer Science
Organization
Naval Postgraduate School
Format
xiv, 73 p. : col. ill. ;
Distribution Statement
Approved for public release; distribution is unlimited.