Accession Number:

ADA456923

Title:

A Defense-in-Depth Approach to Phishing

Descriptive Note:

Master's master

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Personal Author(s):

Report Date:

2006-09-01

Pagination or Media Count:

89.0

Abstract:

Phishing is a form of crime in which identity theft is accomplished by use of deceptive electronic mail and a fake site on the World Wide Web. Phishing threatens financial institutions, retail companies, and consumers daily and phishers remain successful by researching anti-phishing countermeasures and adapting their attack methods to the countermeasures, either to exploit them, or completely circumvent them. An effective solution to phishing requires a multi-faceted defense strategy. We propose a model for phishing. We report on a survey we conducted of user detection of phishing. We also report on experiments to assess the success of automated methods for assessing clues to phishing email. We present recommendations for a defense-in-depth strategy to prevent phishing.

Subject Categories:

  • Computer Programming and Software
  • Defense Systems
  • Countermeasures

Distribution Statement:

APPROVED FOR PUBLIC RELEASE