网络钓鱼的攻击方式与识别技术

钓鱼网站是指攻击者利用各种手段仿冒正规的各类网站,目的是骗取用户的敏感信息,如用户的账号和密码,钓鱼网站已经严重威胁了用户的财产安全。本文通过分析网络钓鱼网站的攻击方式,阐述了网络钓鱼网站的识别方法,即根据钓鱼网站的网页的特征,构建钓鱼网站的特征向量,通过已有的钓鱼网站检测特征对识别钓鱼网站的贡献度,确定各个特征向量的权重,再根据这些特征向量比较检测网页的相似度,从而能够鉴别钓鱼网站。     

网络钓鱼及其防范技术

网络钓鱼(phishing)是一种网络诈骗方式,危害互联网发展和用户利益。详细分析了5种主要的网络钓鱼方式,提出了针对性较强的4种防范措施。     

Spear phishing in a barrel: Insights from a targeted phishing campaign

Executives in many industries have fallen prey to socially engineered attacks known as spear phishing. Using highly targeted emails, social engineers trick victims into performing unintended actions by masquerading as legitimate actors. To shed light on effective spear phishing training, we conducted a multi-round experiment. Our results indicate that training users with individual loss messaging might increase the effectiveness of the training. Additionally, we found potential evidence that organizational training can lead to increased overall spear phishing awareness, even for those not directly trained. Despite these promising results, however, individuals’ susceptibility to highly targeted spear phishing attacks remains troubling for practitioners and researchers.     

基于客户视角的网络银行安全：反钓鱼欺诈

文章主要关注的是对网络银行安全构成重大威胁的钓鱼欺诈：首先对钓鱼欺诈进行了概括性的讨论和分析；由于在此前的诸多研究中，客户的作用与地位往往被忽视，于是文章做了一个旨在了解客户识别及判断钓鱼欺诈能力的调查，以充分说明网络银行安全的两个关键要素是网络银行提供商和网络银行客户；最后，从客户视角出发，提出了一些建议，希望能让在客户层面的网络安全防御能与提供商层面的安全防御一样固若金汤。