sharp s (Eszett)

Stephane Bortzmeyer bortzmeyer at
Mon Mar 10 04:12:04 CET 2008

On Mon, Mar 10, 2008 at 10:10:01AM +0900,
 Martin Duerst <duerst at> wrote 
 a message of 56 lines which said:

> >All the studies on phishing have shown that almost no user takes into
> >account the domain name in its credibility assessment algorithm,
> >relying instead on the look of the page. So, trying to address the
> >phishing problem through homographs is a bad start.
> Very interesting. Can you provide some pointers?

A good bibliography (thanks to Mike Beltzner @ Mozilla) is:

"Decision Strategies and Susceptibility to Phishing", Downs, Holbrook & Cranor

"Why Phishing Works", Dhamija, Tygar & Hearst

"Do Security Toolbars Actually Prevent Phishing Attacks", Wu, Miller & Garfinkel

"Phishing Tips and Techniques", Gutmann

More information about the Idna-update mailing list