1. Introduction
There seems to be little question that several sweeping changes in the overall state of I.T. practices, coupled with equally broad changes in the habits of the criminal world, are making significant, hard-hitting attacks easier and more lucrative for their perpetrators (Richardson, 2013). Cybercrime is any use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy (Merriam-Webster). Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government. Computer crime is a broad category of criminal acts committed using a user's computer as the principal tool. When people talk about computer crimes, they are usually referring to the fact that a computer has been the medium, object, subject or instrument of a crime. While the changes in technology prior to computers did provide individuals with opportunities to commit new crimes or made it easier to commit traditional crimes, the threats posed to society by the use of technology remained acceptable and could generally be managed by local or state law enforcement. As a further distinction, there are crimes in which the computer's role is purely incidental. These include traditional crimes such as fraud, piracy, forgery, extortion, theft and pornography. Moreover, the worldwide reach of the Internet allows a cybercriminal to cause harm to thousands, if not millions, of victims who may not even be located in the same geographic area. However, with the proliferation of the personal computer and the worldwide interconnection of such computers through the Internet, modern computer crime presents risks to society and challenges to law enforcement unlike those of the past.
Fundamentals of Research
PUPQC 1
Phishing and identity theft are among the fastest-growing crimes around the world, in which cyber criminals usurp the identity of their victims for the purpose of theft, fraud or other malicious activities.
1. What is phishing? 2. What categories do phishers use? 3. What methods do phishers use to learn about their victims? 4. How do phishers attack their victims?
1.4. Methods
The researcher will use the descriptive method, a research method that gathers data in order to interpret it with respect to the objectives and other details of the study. This method focuses on the details that are significant to what is being described. Data collection in this research remains simple because it focuses on analyzing details in order to describe them.
CHAPTER II
This chapter provides an introduction to phishing attack techniques, and reviews related human factors studies and techniques to counter phishing attacks. It also presents the related literature reviewed by the researcher. The literature the researcher used in acquiring facts came from the Internet: articles, electronic books, news articles, and other electronic articles. Those articles and e-books helped the researcher to develop a deep insight into the study.
Overview
The research literature reviewed in this chapter can be classified into the following categories: a. Understanding of attacks in general and of phishing in particular; b. Investigation of human factors in security; and c. Techniques to prevent and detect phishing attacks.
Phishing Attacks
Phishing is a special type of social engineering attack. Ollmann (2005) described the anatomy of phishing attacks and surveyed phishing attack prevention techniques. He described phishing attack threats from the following three aspects:
a. Social engineering factors; b. How phishing messages are delivered to victims via email, web, IRC, instant messenger, and Trojan horses; c. Techniques used in phishing attacks such as man-in-the-middle attacks, URL Obfuscation, cross site scripting, preset session attacks, etc.
In his report he also provides detailed advice on how to use existing technologies to counter phishing threats from both client and server sides as well as on what organizations can do to prevent them. He identifies the following countermeasures that can be applied on the client side:
a. Desktop protection technologies; b. Utilization of appropriate, less sophisticated communication settings; c. User application-level monitoring solutions; d. Locking-down browser capabilities; e. Digital signing and validation of email; and f. Keeping naming systems simple and understandable.
a. automatic validation of sending email server addresses; b. digital signing of email services; c. monitoring of corporate domains and notification of similar registrations; d. perimeter or gateway protection agents; and e. third-party managed services
With counter-measure mechanisms on both the client and server sides, phishing attacks can be defended against effectively at multiple levels, giving better protection to users.
D. Watson (2005) carried out a study to observe real phishing attacks in the wild by using a honeynet. This study focuses on how attackers build, use and maintain their infrastructure on hacked systems. The report is based on data collected by the German Honeynet Project and the UK Honeynet Project. It does not cover all possible phishing methods or techniques, focusing instead on describing the following three techniques observed:
a. phishing through compromised web servers; b. phishing through port redirection; and c. phishing using botnets.
They also briefly describe how the observed attacks transfer the money stolen from victims' bank accounts. Their work provides some insights into how phishing attacks are implemented in reality.
Identifying the websites to which a user is currently logged on can be more difficult to achieve. Grossman et al. (2006) described a method to detect the stage of authentication by loading images that are only accessible to logged-in users. There are other methods that can achieve this by exploiting vulnerabilities within web browsers. However, those methods are not general.
Phishing attacks achieve their goals when users have been deceived into carrying out certain actions. It is certainly against users' interests to satisfy attackers' goals. However, they still decide to do so. If human behavior can be understood as a purposeful attempt to achieve wellbeing, then why would phishing attack victims make such decisions?
Bounded rationality is the decision making theory proposed by (Simon, 2006). Simon suggested that decision-makers arrive at their decisions by rationally applying the information and resources that are easily available to them, with the consequence that satisfactory rather than optimal decisions result.
Dhamija, Fischer, Ozment, and Schechter (2007) evaluated website authentication measures that are designed to protect users from phishing attacks [77]. 67 bank customers were asked to conduct common online banking tasks. Each time they logged in, they were presented with increasingly alarming clues that their connection was insecure. First, HTTPS indicators were removed; second, the participants' site-authentication images (the customer-selected images that many websites now expect their users to verify before entering their passwords) were removed; finally, the bank's password-entry page was replaced with a warning page. After each clue, researchers then checked whether participants entered their passwords or withheld them. The researchers also investigated how a study's design affects participant behavior: they asked some participants to play specially created user roles and others to use their own accounts and passwords. Their major findings are:
a. users will enter their passwords even when HTTPS indicators are absent; b. users will enter their passwords even if site-authentication images are absent; c. site-authentication images may cause users to disregard other important security indicators; and d. role-playing participants behaved significantly less securely than those using their own passwords.
a. Interrupting the primary task: phishing indicators need to be designed to interrupt the user's task; b. Providing clear choices: phishing indicators need to provide the user with clear options on how to proceed, rather than simply displaying a block of text; c. Failing safely: phishing indicators must be designed such that one can only proceed to the phishing website after reading the warning message; d. Preventing habituation: phishing indicators need to be distinguishable from less serious warnings and used only when there is a clear danger; and e. Altering the phishing website: phishing indicators need to distort the look and feel of the website such that the user does not place trust in it.
The suggestions made by (F. Cranor, S. Egelman, & J. Hong, 2008) are very useful indeed; however, their claim on spear phishing could be made more convincing if their study included an extended range of spear phishing attacks. Otherwise, one could also argue that the results exhibit biases due to the small number of attack incidents used or the sophistication of the attacks used in the study.
Johnston (2011) studied what makes phishing emails and web pages appear authentic. Elsewhere, Jakobsson summarized comprehensively what typical computer users are able to detect when they are carefully watching for signs of phishing. The findings are: a. spelling and design matter; b. third-party endorsements depend on brand recognition; c. too much emphasis on security can backfire; d. people look at URLs; e. people judge relevance before authenticity; f. emails are very phishy, web pages are a bit phishy, and phone calls are not; g. padlock icons have limited direct effects; and
These outcomes provide some comfort and yet are a source of considerable worry, highlighting various opportunities and means of attack. That people look at URLs is a good thing. However, the reason why users look at URLs is not stated, and the degree of attention they pay to them is unclear. The padlock would generally be viewed by many as a significant security mechanism. Not by users, it would appear. The outcome related to media/channel highlights the fact that phishers make highly effective channel choices.
T. Jagatic, M. Jakobsson, N. Johnson, and F. Menczer (2007) have shown how publicly available personal information from social networks (such as Friendster, Myspace, Facebook, Orkut, and LinkedIn) can be used to launch effective context-aware phishing attacks. In their studies they first determine a victim's social networks and then masquerade as one of their social contacts to create an email to the victim (using email header spoofing techniques). Their study has shown that not only is it very easy to exploit the social network data available on the Internet, but it also increases the effectiveness of the attack significantly. In their experiment, the attacks that took advantage of social networks were four times as likely to succeed.
Garfinkel, Miller, and Wu (2006) discovered, by conducting two user studies, that security tools such as security toolbars are not effective enough to protect people from falling victim to phishing attacks. Features of five toolbars are grouped into three simulated toolbars. The three simulated toolbars are: the Neutral Information toolbar, the SSL-Verification toolbar, and the System-Decision toolbar.
In the user study, researchers set up dummy accounts in the name of "John Smith" at various legitimate e-commerce websites and then asked the participants to protect those passwords. The participants played the role of John Smith's personal assistant and were given a printout of John's profile, including his fictitious personal and financial information and a list of his user names and passwords. The task was to process 20 email messages, most of which were requests by John to handle a forwarded message from an e-commerce site. Each message contained a link for the user to click. Some messages were carefully prepared phishing attacks. The researchers then studied the participants' responses when using the various toolbars.
a. the alert should always appear at the right time with the right warning message; b. user intentions should be respected, and if users must make security-critical decisions they should be made consciously; and c. it is best to integrate security concerns into the critical path of their tasks so that users must address them.
The user study set up by (Garfinkel, Miller, & Wu, 2006) may lead the users to behave less securely, because the account used is artificial and there are no negative consequences for the participants. Under those conditions users may behave differently than they normally do with their own accounts.
CHAPTER III
Analysis and Findings
I.
One of the primary threats from phishing is identity theft. Consumers go to great lengths to protect their personal information, but a single security breach can expose a person to a multitude of threats, including credit card fraud, damaged credit, having an identity used for criminal activity, stolen bank information, unauthorized use of accounts (online and otherwise), or stolen money. There are also intangible threats, such as damage to credibility, loss of trust, or embarrassment; having personal information stolen can cost a great deal more than lost cash. According to the Identity Theft Resource Center, the average time spent repairing the damage caused by a stolen identity is approximately 600 hours and it can take years to completely recover. For consumers, this can equal lost salary, lost time, frustration, stress, and embarrassment, not to mention a sense of being violated. Phishing is not just a small-time operation. Phishing is a business, and billions of dollars are being made by criminals while consumers and businesses are left to suffer the consequences. There are gangs of phishers organized all over the world, but primarily in Eastern Europe, Asia, Africa, and the Middle East, using sophisticated and elaborate schemes to steal personal information. Phishing is also used extensively by organized crime groups. There is a great deal of money at stake, and if a gang can steal bank account information from only a small percentage of those who get duped, thousands, or possibly millions, of dollars can be stolen. A recent article in Consumer Reports, based on their State of the Net survey, stated, "Online consumers who fell prey to phishing schemes experienced a five-fold increase in financial losses since 2005." Recently, a major Swedish bank had losses over $1 million from a phishing attack that targeted the bank's customers.
Another attack, on E-Trade, used stolen identities, acquired from a hacked computer, to carry out a pump-and-dump scheme, in which the criminals drove up the prices of low-priced stocks
Communication channels such as e-mail, web-pages, IRC and instant messaging services are popular. In all cases, the phisher must impersonate a trusted source (such as the helpdesk of their bank, automated support response from their favorite online retailer, etc.) for the victim to believe. In 2007, the most successful phishing attacks continue to be initiated via e-mail with the phisher impersonating the sending authority (such as spoofing the source email address and embedding appropriate corporate logos within the e-mail). For example, the
II.
Internet usage is growing dramatically, but the vast majority of Internet users don't have any security background. Nor does a large majority of companies care about information security and the severity of any attack that could harm their valuable assets. They don't give their employees security awareness sessions, either. For these reasons, humans are the weakest link in the information security chain. On the other hand, most information security pen-testers focus only on client and server exploits (how to gain a shell on a server by interacting with the server directly). They don't focus on how to exploit the weakest link in the information security chain, the humans (where a shell could be obtained by luring the victim into running it on his own machine using any of the social engineering techniques). Clone phishing is a type of phishing attack where a hacker tries to clone a website that his victim usually visits. The cloned website usually asks for login credentials, mimicking the real website. This allows the attacker to save these credentials in a text file or database record on his own server. Then the attacker redirects his victim to the real website as an authenticated user. An attacker may also clone email: the content and recipient addresses of a legitimate, previously delivered email that contains an attachment or link are taken and used to create an almost identical, or cloned, email. Instead of sending the original attachment or link within the email, the attacker replaces them with a malicious version and then sends the email from an address spoofed to appear to come from the original sender. Phishing has spread beyond email to include VoIP, SMS, instant messaging, social networking sites, and even multiplayer games. In this type, the phisher creates a cloned email.
The phisher does this by taking information such as the content and recipient addresses from a legitimate email that was delivered previously, and then sends the same email so that it appears to be from the original sender. The email can claim to be a re-send of the original or an updated version as a trapping strategy.
Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords). Examples include email claiming to be from a system administrator, requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this, and email claiming to be from a person in authority, requesting users to send them a copy of a password file or other sensitive information. Email spoofing is a common phishing technique in which a phisher sends spoofed emails, with the sender address and other parts of the email header altered, in order to deceive recipients. Spoofed emails usually appear to be from a website or financial institution that the recipient may have business with, so that an unsuspecting recipient would probably take actions as instructed by the email contents, such as: replying to the email with their credit card number; clicking on the link labelled "view my statement" and entering the password when the (forged) website prompts for it; and opening an attached PDF form and entering confidential information into the form.
Web Spoofing is a security attack that allows an adversary to observe and modify all web pages sent to the victim's machine, and observe all information entered into forms by the victim. Web Spoofing works on both of the major browsers and is not prevented by "secure" connections. The attacker can observe and modify all web pages and form submissions, even when the browser's "secure connection" indicator is lit. The user sees no indication that anything is wrong. The attack is implemented using JavaScript and Web server plug-ins, and works in two parts. First, the attacker causes a browser window to be created on the victim's machine, with some of the normal status and menu information replaced by identical-looking components supplied by the attacker. Then, the attacker causes all Web pages destined for the victim's machine to be routed through the attacker's server. On the attacker's server, the pages
IV.
A typical phishing attack is launched using spam e-mail messages, usually sent to thousands or even millions of e-mail addresses. The e-mails are forged with a "From" or "Reply-To" address that makes them appear to be from a reputable or trusted source, such as a bank or credit card company. The messages are often sent in Hyper-Text Markup Language (HTML) format (as opposed to text-only) and may use logos, URLs, legal disclaimers, etc., taken from the spoofed company's website. This makes the attack all the more insidious since the average user may not question an e-mail if it appears to be from his or her bank and has that bank's logo on it. Phishers play the odds when sending their mass-mailings. Of the thousands of messages sent, only a small percentage of the recipients may actually be customers of the spoofed company. For instance, if the phisher has spoofed PayPal, an online payment company, the number of e-mails sent to actual PayPal customers who then fall for the scheme might be relatively small; however, it is estimated that around five percent of the phishing e-mails sent actually are successful. This can result in quite hefty profits for the scammers. There have been many different variations of phishing scams, but the e-mail messages are usually structured to prey, ironically, on the computer user's fear of being a victim of fraud or hacking, or may be a message stating that the company needs to update their records. If the victim follows the link, their browser is directed to an address that might look very similar to the one they would expect. This is another ploy used by phishers: registering domain names with similar-looking addresses or using character replacement (using the number 1 for the lowercase letter L, for example) to disguise the fake address. Many people can be fooled since they may not notice the difference.
The URL can also be displayed within the e-mail as the actual legitimate address (e.g., www.aol.com), but another web address, the phony phisher address, has been embedded using deceptive techniques (explained earlier). The victim may be taken to a web site that looks identical to their bank's, or eBay, or AOL, with the same icons, graphics, and text. The fraudulent site is set up to display an interface for the user to enter his or her information, thinking they are entering it at the company's web site. Some of the more well-known and publicized phishing scams involve
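An added example (not part of the original paper) that checks one message for three of the signs described in this section: a Reply-To domain that differs from the From domain, a link whose displayed address differs from its embedded target, and a target domain that imitates a known brand through character replacement. The sample message, the `PROTECTED_DOMAINS` list and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands the mailbox owner actually deals with (constructed list).
PROTECTED_DOMAINS = {"paypal.com", "aol.com", "ebay.com"}
# Character replacements of the kind the text describes (digit 1 for letter l).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = """\
From: PayPal Service <service@paypal.com>
Reply-To: accounts@mail-collector.example
Subject: We need to update our records
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please confirm your account details:</p>
<a href="http://www.paypa1.com/update">https://www.paypal.com/update</a>
<a href="http://login.collector.example/aol"><b>www.aol.com</b></a>
<a href="https://www.paypal.com/help">Help centre</a>
</body></html>
"""


def host_of(value):
    """Lower-cased host of a URL or bare domain, or '' if there is none."""
    value = value.strip()
    if "//" not in value:
        value = "//" + value
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""


def base_domain(host):
    """Last two labels of a host. Simplification: production code should use
    the Public Suffix List so that hosts under e.g. co.uk are handled."""
    return ".".join(host.split(".")[-2:])


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze(raw_message):
    """Return a sorted list of findings for one raw e-mail message."""
    msg = message_from_string(raw_message)
    findings = set()

    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and base_domain(reply_dom) != base_domain(from_dom):
        findings.add(f"reply-to-mismatch:{from_dom}->{reply_dom}")

    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True) or b""
        collector = LinkCollector()
        collector.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
        for href, text in collector.links:
            if not href.lower().startswith(("http://", "https://")):
                continue
            target = host_of(href)
            shown = host_of(text)
            if not DOMAIN_RE.match(shown):
                shown = ""          # link text is a label, not an address
            if shown and base_domain(shown) != base_domain(target):
                findings.add(f"link-text-mismatch:{shown}->{target}")
            real = base_domain(target)
            normalized = real.translate(CONFUSABLES)
            if normalized in PROTECTED_DOMAINS and real not in PROTECTED_DOMAINS:
                findings.add(f"lookalike-domain:{real}~{normalized}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```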
Phishing scams can pose a significant threat to consumers and the companies they deal with. The number of online scams has increased significantly, and the techniques the criminals employ have become more and more sophisticated. These and other online cons show little sign of slowing. On the contrary, scams are on the rise, and companies and individuals need to be aware of the consequences. There is no magic bullet or pixie dust that can make these threats go away. No single technology can keep fraudsters at bay and keep our personal information completely safe. There are ways to make the crimes more difficult to accomplish, but a well-crafted phishing attack has a significant chance of being successful. There will have to be more done to stop the spread of these attacks and make them unprofitable and less appealing for would-be phishers. More research and development of anti-fraud technologies, more education of computer users, and aggressive prosecutions of the criminals who commit these crimes will go a long way to curb the threat, but these alone will most likely have little impact on the number of schemes. Consumers need to become more educated concerning online threats and vulnerabilities. Companies need to make sure that online fraud and scams are reported and that their customers are kept apprised of scams that may affect them. The security community needs to work to find new ways to make e-mail and online commerce as bullet-proof as they can possibly be. This is a monumental task, but there are a great number of extremely talented people with many brilliant ideas out there. If something is not done, the way we do business online will change, and almost certainly not for the better. For most purposes, an online consumer is only a number transacting over the Internet. The Internet consumer should actively protect the confidentiality of his or her online identity in order to prevent identity theft.
Online consumers need to learn how to prevent and cope with fraudulent Internet activity aimed at extracting personal details for the financial benefit of phishers. A consumer should be able to recognize the signs of a possible phishing attack and know how to react to a phishing e-mail message that he or she receives. By considering the various aspects covered, and by applying the precautionary measures suggested in this article, the Internet consumer
CHAPTER V
Phishing started off being part of popular hacking culture. Now, as more organizations provide greater online access for their customers, professional criminals are successfully using phishing techniques to steal personal finances and conduct identity theft at a global level. By understanding the tools and technologies phishers have in their arsenal, businesses and their customers can take a proactive stance in defending against future attacks. Organizations have within their grasp numerous techniques and processes that may be used to protect the trust and integrity of their customers' personal data. The points raised within this paper, and the solutions proposed, represent key steps in securing online services from fraudulent phishing attacks and also go a long way in protecting against many other popular hacking or criminal attack vectors. By applying a multi-tiered approach to their security model (client-side, server-side and enterprise), organizations can easily manage their protection technologies against today's and tomorrow's threats without relying upon proposed improvements in communication security that are unlikely to be adopted globally for many years to come. It is worth noting that phishers are getting smarter. Following trends in other online crimes, it is inevitable that future generations of phishing attacks will incorporate greater elements of context to become more effective and thus more dangerous for society. For instance, suppose a phisher were able to induce an interruption of service to a frequently used resource, e.g., to cause a victim's password to be locked by generating excessive authentication failures. The phisher could then notify the victim of a security threat. Such a message may be welcome or expected by the victim, who would then be easily induced into disclosing personal information. Phishing has become such a prevalent problem due to its huge profit margins, and the researcher believes that it is here to stay.
In the absence of a single silver bullet to address the problem, phishers will increasingly rely on context to keep their yield from being lowered by
Given the risk of phishing, what are the ways in which individuals and organizations can protect themselves? Though hard to implement, training the end-user is perhaps the best protection mechanism. Sensing the gravity of the issue, more non-profit organizations and groups are joining hands to combat phishing scams. Legislation particularly needs attention in this matter to define phishing explicitly and elucidate phishing-specific penalties.
Phishing exploits human vulnerabilities such that technical solutions can only block some of the phishing web sites. It doesn't matter how many firewalls, encryption software, certificates, or two-factor authentication mechanisms an organization has if the person behind the keyboard falls for a phishing attack. A study on the effectiveness of several anti-phishing educational materials suggests that educational materials reduced users' tendency to enter information into phishing webpages by 40%; however, some of the educational materials also slightly decreased participants' tendency to click on legitimate links. This leads to the belief that it is of paramount importance to find a new and efficient way of educating a large proportion of the population. The challenge lies in getting the user's attention to these security tips and advice. A few questions arise: Should we implement all these protection mechanisms which complicate the user interface? Should we provide better user experience at the cost of reduced security or improve security at the cost of user inconvenience? Several recent surveys indicate that lack of security is leading to loss of customer confidence in Internet commerce. That means users want appropriate security controls in place even if it means carrying a password token or getting their passwords by SMS. Today phishing is recognized by users as a real and potentially damaging threat. If appropriate anti-phishing controls are not put in place, chances are high that customers might switch to a more secure party to do business. Education is a vital component of the phishing battle as well as other online scams.
Computer users should make an effort to keep abreast of computer security issues in the news, and use common sense when giving information anywhere: online or otherwise. If an email (or phone solicitor or web site, etc., etc.) asks for personal information, that should be an immediate red flag that something may not be legitimate and needs to be confirmed. Legitimate companies will generally not solicit personal information via e-mail. If personal information is requested via a web site, the user should make certain he or she is connected to the proper site and that the communications are encrypted.
Unfortunately, phishing usually involves social engineering tricks, and, thus, even the best defenses that a company might have in place to combat outside threats are sometimes useless against these types of attacks. Although education is likely the best defense against phishing scams, there are technologies that make phishing harder to accomplish. When implemented with a defense-in-depth approach, software and hardware can be installed to slow the phishers down.
Two-factor Authentication - One of the more promising technologies to thwart phishing schemes involves two-factor authentication. This method uses a layered approach to validate a user's credentials by using two separate methods to verify a user. A two-factor authentication technique currently being offered uses one-time passwords that expire after a single use. These passwords are generated using a shared electronic key between the user and a bank. A login is authenticated by not only the user's credentials (username/one-time password), but also the key that generates the password. If a password does happen to get stolen, it will not matter since it expires after a single use.
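An added example (not from the original paper) of one-time passwords derived from a key shared between user and bank and accepted only once. The paper names no specific scheme; HOTP from RFC 4226 is used here as a representative one, and the `OtpVerifier` class, its `look_ahead` window and the `demo` function are hypothetical names introduced for illustration.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for a shared key and an 8-byte counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Bank side: each one-time password is accepted once, then retired."""

    def __init__(self, key: bytes, look_ahead: int = 3):
        self._key = key
        self._next_counter = 0          # first counter value not yet consumed
        self._look_ahead = look_ahead   # tolerate codes generated but never sent

    def verify(self, submitted: str) -> bool:
        for step in range(self._look_ahead + 1):
            counter = self._next_counter + step
            expected = hotp(self._key, counter).encode()
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected, submitted.encode()):
                # Retire this code and every earlier one, so a captured
                # password cannot be presented a second time.
                self._next_counter = counter + 1
                return True
        return False


def demo() -> dict:
    """Log in once, replay the same code, then log in with the next code."""
    key = b"12345678901234567890"   # RFC 4226 test key, not a real secret
    bank = OtpVerifier(key)
    first = hotp(key, 0)
    return {
        "first_login": bank.verify(first),
        "replay_of_captured_code": bank.verify(first),
        "next_code": bank.verify(hotp(key, 1)),
    }


if __name__ == "__main__":
    print(demo())
```

Single use stops a captured password from being replayed later; it does not help if the password is passed on to the bank before the legitimate login completes, which is why the man-in-the-middle technique listed in Chapter II still has to be addressed separately.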
Firewalls - There are e-mail firewall products that implement rules to block spam and phishing scams at the perimeter. These products offer heuristic rules that are updated as new phishing schemes are found. They not only block the spam, they verify the IP numbers and web addresses of the e-mail source and compare them to known phishing sites. For larger organizations, this can be an effective defense against spam and phishing.
Anti-virus Technology - Though phishing scams are usually not considered a viral problem, if a user is infected with a worm that, in turn, installs a Trojan horse that can capture personal data, then anti-virus technologies are effective. Security best-practices direct that all users should implement an anti-virus product regardless of whether they are concerned about phishing or online fraud.
Security begins with establishing trust between a user and a web site. Digital certificates are a way to establish this trust in the form of an encrypted digital key system. A public and private key structure is established whereby a company has a private key, obtained from a Certificate Authority (CA), and a user who wishes to make.
Browser Enhancements - Recent versions of Microsoft Internet Explorer, Mozilla Firefox, Netscape, and Opera offer new security features aimed at controlling phishing attacks and other online fraud. Using databases of known phishing sites, the browsers can look up a site and let the user know of the danger. These features are certainly a step in the right direction, though they are not 100% accurate. Microsoft and the Mozilla Foundation have been at odds as to how accurate each of their respective anti-phishing technologies is. If history is any indication, the phishers will most certainly try to find ways to defeat the browsers. Time will be the judge as to how effective these new browser technologies are.
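The lookup against known phishing sites that the e-mail firewall and browser paragraphs describe, as an added Python example that is not from the original paper; the blocklist entries, the sample message and all function names are constructed for illustration. It shows why the comparison has to be made on the host the client would actually connect to, not on the raw link text.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist of known phishing hosts (reserved .test/.example names).
KNOWN_PHISHING_HOSTS = {"login.evil.test", "phish.example"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message: one link hides the real host behind userinfo,
# one uses a subdomain and trailing dot, one is the legitimate site.
SAMPLE = (
    "Dear customer, verify your account at "
    "http://www.bank.example@LOGIN.evil.test/verify now.\n"
    "Mirror: https://secure.phish.example./update\n"
    "Our real site is https://www.bank.example/help"
)


def normalized_host(url: str) -> str:
    """Return the host a client would connect to, in canonical form."""
    try:
        host = urlsplit(url).hostname or ""  # drops userinfo and port, lowercases
    except ValueError:
        return ""
    host = host.rstrip(".")                  # "example." and "example" are the same host
    try:
        host = host.encode("idna").decode("ascii")  # canonical form for non-ASCII names
    except UnicodeError:
        pass
    return host


def is_listed(host: str) -> bool:
    """True if the host or any parent domain is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in KNOWN_PHISHING_HOSTS for i in range(len(labels)))


def naive_looks_like_bank(url: str) -> bool:
    """Substring check on the raw link text, shown only for contrast."""
    return "www.bank.example" in url


def flag_urls(message: str) -> list:
    """Return every URL in the message whose real host is blocklisted."""
    return [u for u in URL_RE.findall(message) if is_listed(normalized_host(u))]


if __name__ == "__main__":
    for url in flag_urls(SAMPLE):
        print("blocked:", url, "->", normalized_host(url))
```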
These are the details that the researcher can provide as the recommendations of the research.
CURRICULUM VITAE
Edmar G. Celeste
L6 B2 Samsung St. Doa Nicasia Subd. Brgy. Commonwealth, Quezon City
09128005654
celeste_edmar@yahoo.com / edmarck16@gmail.com
Personal Background
Gender: Male
Civil Status: Single
Birthday: June 16, 1995
Citizenship: Filipino
Religion: Roman Catholic
Educational Background
Tertiary Education:
Polytechnic University of the Philippines, Quezon City Campus
Bachelor of Science in Information Technology
2011 - Present
Secondary Education:
North Fairview High School
North Fairview Subdivision, North Fairview, Q.C.
2007 - 2011
Elementary Education:
Fairview Elementary School
Fairlane St., Fairview, Q.C.
2001 - 2007