sharp s (Eszett)

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Mar 10 04:12:04 CET 2008


On Mon, Mar 10, 2008 at 10:10:01AM +0900,
 Martin Duerst <duerst at it.aoyama.ac.jp> wrote 
 a message of 56 lines which said:

> >All the studies on phishing have shown that almost no user takes into
> >account the domain name in its credibility assessment algorithm,
> >relying instead on the look of the page. So, trying to address the
> >phishing problem through homographs is a bad start.
> 
> Very interesting. Can you provide some pointers?

A good bibliography (thanks to Mike Beltzner @ Mozilla) is:

"Decision Strategies and Susceptibility to Phishing", Downs, Holbrook & Cranor
   http://cups.cs.cmu.edu/soups/2006/proceedings/p79_downs.pdf

"Why Phishing Works", Dhamija, Tygar & Hearst
   http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf

"Do Security Toolbars Actually Prevent Phishing Attacks", Wu, Miller & Garfinkel
   http://www.simson.net/ref/2006/CHI-security-toolbar-final.pdf

"Phishing Tips and Techniques", Gutmann
   http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf


