sharp s (Eszett)
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon Mar 10 04:12:04 CET 2008
On Mon, Mar 10, 2008 at 10:10:01AM +0900,
Martin Duerst <duerst at it.aoyama.ac.jp> wrote
a message of 56 lines which said:
> >All the studies on phishing have shown that almost no user takes into
> >account the domain name in its credibility assessment algorithm,
> >relying instead on the look of the page. So, trying to address the
> >phishing problem through homographs is a bad start.
>
> Very interesting. Can you provide some pointers?
A good bibliography (thanks to Mike Beltzner @ Mozilla) is:
"Decision Strategies and Susceptibility to Phishing", Downs, Holbrook & Cranor
http://cups.cs.cmu.edu/soups/2006/proceedings/p79_downs.pdf
"Why Phishing Works", Dhamija, Tygar & Hearst
http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf
"Do Security Toolbars Actually Prevent Phishing Attacks", Wu, Miller & Garfinkel
http://www.simson.net/ref/2006/CHI-security-toolbar-final.pdf
"Phishing Tips and Techniques", Gutmann
http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf
More information about the Idna-update
mailing list