Journal of Students' Research in Technology & Management

Phishing is one of the most common attacks used to extract sensitive information for malicious use. It is one of the easiest ways to extract confidential data on a large-scale. A fraudulent website/e-mail which looks very similar to the original is setup to trap the victim to give away confidential information. A large population of internet users still lacks knowledge to avoid phishing. When the phishing attacks are complimented with social engineering skills, the success rate is increased. Along with the progress of technology, phishing techniques have evolved encroaching upon newer communication mediums like voice and text messages giving rise to newer specialized forms of Phishing called - Vishing and SMSishing. In this paper, we also cover how to avoid being a victim of these attacks. One of the best promising methods to avoid Phishing is Zero Knowledge Authentication -ZeKo which immunes the user from phishing attacks.

Phishing, Vishing, SMSishing, Social Engineering, ZeKo.

Paul Knickerbocker, Combating Phishing through Zero-Knowledge Authentication, Department of Computer and Information Science and the Graduate School of the University of Oregon

A Karakasiliotis, Assessing end-user awareness of social engineering and phishing, 7th Australian Information Warfare and Security Conference.

Aaron Dolan, Social Engineering, SANS Institute InfoSec Reading Room.

John Aycock, A Design for an anti-spear-phishing system, Virus Bulletin Conference 2007.

Rachna Dhamija, JD Tygar and Marti Hearst, Why Phishing Works, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems.