Alice, What Did You Do Last Time? Fighting Phishing Using Past Activity Tests

  • Conference paper
Proceedings of the 3rd European Conference on Computer Network Defense

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 30)

Abstract

Phishing attacks are among the most critical security threats on today's World Wide Web. An adversary may clone a legitimate Web site and lure a user into submitting her credentials to the malicious copy. The adversary may then use the stolen credentials on the authentic site. In this paper we present a novel idea for fighting phishing using Past Activity Tests (PACTs). In a nutshell, PACTs take advantage of the fact that the user has accessed her account at least once in the past, whereas the phisher is accessing the user's account for the first time. Thus, the user can answer a question about her past activity, but the attacker cannot.

Author information

Corresponding author

Correspondence to Nikos Nikiforakis.

Copyright information

© 2009 Springer Science+Business Media, LLC

About this paper

Cite this paper

Nikiforakis, N., Makridakis, A., Athanasopoulos, E., Markatos, E.P. (2009). Alice, What Did You Do Last Time? Fighting Phishing Using Past Activity Tests. In: Siris, V., Anagnostakis, K., Ioannidis, S., Trimintzios, P. (eds) Proceedings of the 3rd European Conference on Computer Network Defense. Lecture Notes in Electrical Engineering, vol 30. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-85555-4_7

  • DOI: https://doi.org/10.1007/978-0-387-85555-4_7

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-85554-7

  • Online ISBN: 978-0-387-85555-4

  • eBook Packages: Engineering, Engineering (R0)
