Research Article
Phishing Attacks and Solutions
@INPROCEEDINGS{10.4108/ICST.MOBIMEDIA2007.1899, author={Mohamad Badra and Samer El-Sawda and Ibrahim Hajjeh}, title={Phishing Attacks and Solutions}, proceedings={3rd International ICST Conference on Mobile Multimedia Communications}, proceedings_a={MOBIMEDIA}, year={2010}, month={5}, keywords={TLS Public Key Infrastructures Phishing SRP RSA Diffie-Hellman.}, doi={10.4108/ICST.MOBIMEDIA2007.1899} }- Mohamad Badra
Samer El-Sawda
Ibrahim Hajjeh
Year: 2010
Phishing Attacks and Solutions
MOBIMEDIA
ICST
DOI: 10.4108/ICST.MOBIMEDIA2007.1899
Abstract
Phishing is a form of online identity theft employing both social engineering and technical subterfuge to steal user credentials such as usernames and passwords. Targeted data sources include especially Web pages, email spam, domain names. Mounting a phishing attacks may take several ways but the popular one takes the form of a phishing message arrives in the user mailbox pretending to be from a bank, directing the user to a web page and asking him to enter his credentials, but the web page is not one actually associated with the bank. In this paper, we focus on the Web site phishing, in which available solutions are based either on providing early warning of suspicious activity and rapid response or on the use of TLS (Transport Layer Security). We present the TLS-SRP (Secure Remote Password) and TLS-PSK (Pre Shared Key) protocols and we demonstrate how these two solutions can be useful to reduce the Web site phishing threats.