TY - GEN
T1 - PHONEY
T2 - WoWMoM 2006: 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks
AU - Chandrasekaran, Madhusudhanan
AU - Chinchani, Ramkumar
AU - Upadhyaya, Shambhu
PY - 2006
Y1 - 2006
N2 - Phishing scams pose a serious threat to end-users and commercial institutions alike. Email continues to be the favorite vehicle to perpetrate such scams mainly due to its widespread use combined with the ability to easily spoof them. Several approaches, both generic and specialized, have been proposed to address this problem. However, phishing techniques, growing in ingenuity as well as sophistication, render these solutions weak. In this paper we propose a novel approach to detect phishing attacks using fake responses which mimic real users, essentially, reversing the role of the victim and the adversary. Our prototype implementation called PHONEY, sits between a user's mail transfer agent (MTA) and mail user agent (MUA) and processes each arriving email for phishing attacks. Using live email data collected over a period of eight months we demonstrate data that our approach is able to detect a wider range of phishing attacks than existing schemes. Also, the performance analysis study shows that the implementation overhead introduced by our tool is very negligible.
AB - Phishing scams pose a serious threat to end-users and commercial institutions alike. Email continues to be the favorite vehicle to perpetrate such scams mainly due to its widespread use combined with the ability to easily spoof them. Several approaches, both generic and specialized, have been proposed to address this problem. However, phishing techniques, growing in ingenuity as well as sophistication, render these solutions weak. In this paper we propose a novel approach to detect phishing attacks using fake responses which mimic real users, essentially, reversing the role of the victim and the adversary. Our prototype implementation called PHONEY, sits between a user's mail transfer agent (MTA) and mail user agent (MUA) and processes each arriving email for phishing attacks. Using live email data collected over a period of eight months we demonstrate data that our approach is able to detect a wider range of phishing attacks than existing schemes. Also, the performance analysis study shows that the implementation overhead introduced by our tool is very negligible.
UR - https://www.scopus.com/pages/publications/33845926633
U2 - 10.1109/WOWMOM.2006.87
DO - 10.1109/WOWMOM.2006.87
M3 - Conference contribution
AN - SCOPUS:33845926633
SN - 0769525938
SN - 9780769525938
T3 - Proceedings - WoWMoM 2006: 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks
SP - 668
EP - 672
BT - Proceedings - WoWMoM 2006
Y2 - 26 June 2006 through 29 June 2006
ER -