Preface. Acknowledgements. 1. Introduction to Phishing. 1.1 What is
Phishing? 1.2 A Brief History of Phishing. 1.3 The Costs to Society of
Phishing. 1.4 A Typical Phishing Attack. 1.5 Evolution of Phishing. 1.6
Case Study: Phishing on Froogle. 1.7 Protecting Users from Phishing.
References. 2. Phishing Attacks: Information Flow and Chokepoints. 2.1
Types of Phishing Attacks. 2.2 Technology, Chokepoints and Countermeasures.
References. 3. Spoofing and Countermeasures. 3.1 Email Spoofing. 3.2 IP
Spoofing. 3.3 Homograph Attacks Using Unicode. 3.4 Simulated Browser
Attack. 3.5 Case Study: Warning the User About Active Web Spoofing.
References. 4. Pharming and Client Side Attacks. 4.1 Malware. 4.2 Malware
Defense Strategies. 4.3 Pharming. 4.4 Case Study: Pharming with Appliances.
4.5 Case Study: Race-Pharming. References. 5. Status Quo Security Tools.
5.1 An overview of Anti-Spam Techniques. 5.2 Public Key Cryptography and
its Infrastructure. 5.3 SSL Without a PKI. 5.4 Honeypots. References. 6.
Adding Context to Phishing Attacks: Spear Phishing. 6.1 Overview of Context
Aware Phishing. 6.2 Modeling Phishing Attacks. 6.3 Case Study: Automated
Trawling for Public Private Data. 6.4 Case Study: Using Your Social Network
Against You. 6.5 Case Study: Browser Recon Attacks. 6.6 Case Study: Using
the Autofill feature in Phishing. 6.7 Case Study: Acoustic Keyboard
Emanations. References. 7. Human-Centered Design Considerations. 7.1
Introduction: The Human Context of Phishing and Online Security. 7.2
Understanding and Designing for Users. 7.3 Mis-Education. References. 8.
Passwords. 8.1 Traditional Passwords. 8.2 Case Study: Phishing in Germany.
8.3 Security Questions as Password Reset Mechanisms. 8.4 One-Time Password
Tokens. References. 9. Mutual Authentication and Trusted Pathways. 9.1 The
Need for Reliable Mutual Authentication. 9.2 Password Authenticated Key
Exchange. 9.3 Delayed Password Disclosure. 9.4 Trusted Path: How To Find
Trust in an Unscrupulous World. 9.5 Dynamic Security Skins. 9.6 Browser
Enhancements for Preventing Phishing. References. 10. Biometrics and
Authentication. 10.1 Biometrics. 10.2 Hardware Tokens for Authentication
and Authorization. 10.3 Trusted Computing Platforms and Secure Operating
Systems. 10.4 Secure Dongles and PDAs. 10.5 Cookies for Authentication.
10.6 Lightweight Email Signatures. References. 11. Making Takedown
Difficult. 11.1 Detection and Takedown. References. 12. Protecting Browser
State. 12.1 Client-Side Protection of Browser State. 12.2 Server-Side
Protection of Browser State. References. 13. Browser Toolbars. 13.1
Browser-Based Anti-Phishing Tools. 13.2 Do Browser Toolbars Actually
Prevent Phishing? References. 14. Social Networks. 14.1 The Role of Trust
Online. 14.2 Existing Solutions for Securing Trust Online. 14.3 Case Study:
"Net Trust". 14.4 The Risk of Social Networks. References. 15. Microsoft's
Anti-Phishing Technologies and Tactics. 15.1 Cutting The Bait: SmartScreen
Detection of Email Spam and Scams. 15.2 Cutting The Hook: Dynamic
Protection Within the Web Browser. 15.3 Prescriptive Guidance and Education
for Users. 15.4 Ongoing Collaboration, Education and Innovation.
References. 16. Using S/MIME. 16.1 Secure Electronic Mail: A Brief History.
16.2 Amazon.com's Experience with S/MIME. 16.3 Signatures Without Sealing.
16.4 Conclusions and Recommendations. References. 17. Experimental
evaluation of attacks and countermeasures. 17.1 Behavioral Studies. 17.2
Case Study: Attacking eBay Users with Queries. 17.3 Case Study: Signed
Applets. 17.4 Case Study: Ethically Studying Man in the Middle. 17.5 Legal
Considerations in Phishing Research. 17.6 Case Study: Designing and
Conducting Phishing Experiments. References. 18. Liability for Phishing.
18.1 Impersonation. 18.2 Obtaining Personal Information. 18.3 Exploiting
Personal Information. References. 19. The Future. Index. About the Editors.