TR202008876A1 - CYBER ATTACK DETECTION METHOD - Google Patents
CYBER ATTACK DETECTION METHODInfo
- Publication number
- TR202008876A1 TR202008876A1 TR2020/08876A TR202008876A TR202008876A1 TR 202008876 A1 TR202008876 A1 TR 202008876A1 TR 2020/08876 A TR2020/08876 A TR 2020/08876A TR 202008876 A TR202008876 A TR 202008876A TR 202008876 A1 TR202008876 A1 TR 202008876A1
- Authority
- TR
- Turkey
- Prior art keywords
- attacker
- website
- information
- cyber
- fake
- Prior art date
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 13
- 238000000034 method Methods 0.000 claims abstract description 22
- 230000008569 process Effects 0.000 claims description 3
- 230000009471 action Effects 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 238000012790 confirmation Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000000670 limiting effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000008685 targeting Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Buluş, internet ortamında dolandırıcılık için oluşturulan oltalama internet sitelerini kullanarak, internet sitesi sahibi kurum müşterilerine ait kullanıcı adı, şifre, vb. bilgileri çalan siber saldırganların tespit edilmesini sağlayan bir yöntem ile ilgilidir.Invention, by using phishing websites created for fraud in the internet environment, user name, password, etc. belonging to the customers of the institution that owns the website. It is about a method that enables the detection of cyber attackers who steal information.
Description
TARIFNAME TEKNIK ALAN Bulus, internet ortaminda dolandiricilik için olusturulan oltalama internet sitelerini kullanarak, internet sitesi sahibi kurum müsterilerine ait kullanici adi, sifre, vb. bilgileri çalan siber saldirganlarin tespit edilmesini saglayan bir yöntem ile ilgilidir. DESCRIPTION TECHNICAL FIELD By using phishing websites created for fraud on the internet, Username, password, etc. belonging to the customers of the website owner institution. cyber stealing information It relates to a method that enables attackers to be detected.
Bulus 'Ozellikle finans alaninda faaliyet gösteren siber saldirganlarin bilgilerini önceden isaretlenmis veriler ve taklit internet sitesi ile tespit etmeyi saglayan bir yöntem ile ilgilidir. The invention 'prescribes the information of cyber attackers operating especially in the field of finance. It relates to a method that enables identification with flagged data and a fake website.
Günümüz siber dünyasinda saldirganlar olusturduklari oltalama internet siteleri üzerinden kullanicilarin bilgilerini alip onlari maddi ve manevi zarara ugratmaktadir. Siber saldirganlar müsterilerine hizmet veren kurumlarin internet sitelerini kopyalayip, farkli alan adlarini kullanarak ayni içerik ile yayinlamaktadir. Saldirganlar sadece internet sitesinin kod bölümünde degisiklik yapip kullanici girislerinde girilen bilgilerin hizmet veren kuruma degil kendilerine yönlenmesini saglamaktadir. Böylece hedeflerindeki kurumun kullanicilarini sahte internet sitesine giris yaptirip, giris için kullandiklari kullanici adi sifre kombinasyonlarini çalmayi hedeflemektedir. Siber saldirganlar edindikleri kullanici adi, sifre bilgisiyle gerçek kurum internet sitesine giris yapmakta, kullanici hesabinin içine erismektedir. Eger kurum internet sitesine giriste ikinci bir dogrulama yöntemi varsa saldirgan hizli hareket ederek, sahte internet sitesi üzerinden elde ettigi kullanici bilgisini anlik olarak gerçek kurum internet sitesine girebilmektedir. Böylece kullaniciya kurumdan ikinci dogrulama mesaji iletilmekte ve kullanici bu mesaji sahte internet sitesine girerek sonuç olarak yine saldirgana iletmektedir. In today's cyber world, attackers can use phishing websites they create. It takes the information of users and inflicts material and moral damage on them. cyber attackers Copying the websites of the institutions serving their customers and using different domain names. using the same content. The attackers only use the code of the website. The information entered in the user entries by making changes in the section is not the service provider. helps them orient themselves. Thus, they fake the users of the institution they target. log in to the website and use the username and password combinations they use to log in. aims to steal. Cyber attackers are real with the username, password information they have obtained. logs into the institution's website and accesses the user account. If institution If there is a second verification method when entering the website, the attacker acts quickly, instantaneously transmit the user information obtained through the fake website to the real institution internet site. can access the site. Thus, the second confirmation message from the institution is sent to the user and The user enters this message on the fake website and as a result forwards it to the attacker.
Saldirgan ise edindigi ikinci dogrulama bilgisiyle beraber kullanici hesabinda tam erisime sahip olacaktir. Açiklanan oltalama teknigi ile gerçeklestirilen saldirilar özellikle finans kurumlari tarafindan müsterilere sunulan online bankacilik vb. hizmetleri hedef alarak kullanicilarin banka hesaplarina erismeyi saglamakta ve bu sekilde kullanicilar büyük bir ekonomik zarara ugratilmaktadir. Mevcut teknikte bir internet sitesinin oltalama oldugu tespit edilirse internet sitesinin kapatilmasi için islem yapilmaktadir ancak saldirganin tespiti için kurumlar tarafindan herhangi bir islem yapilamamaktadir. Bu durum saldirganin saldiri yapmaya devam etmesiyle sonuçlanmaktadir. Ayrica, siber saldirganlarin kullanicilara ait maddi varligi çalmak için kullandigi para hesabi numaralari ancak kullanici sikayeti sonucunda ögrenilebilmekte ve bloke edilebilmektedir. Kullanici sikayeti kurum tarafina ulasana kadar ise para hesabi saldirgan tarafindan kullanilabilir durumda olmaktadir. Mevcut teknikte oltalama yolu ile gerçeklestirilen siber saldirilarda saldirgan bilgilerini tespit etmeye yönelik olarak gelistirilmis bir sistem bulunmamaktadir. Dolayisi ile oltalama internet siteleri araciligiyla yasanan maddi kaybin önlenememesi durumunu beraberinde getirmektedir. If the attacker gains full access to the user account, with the second authentication information they have obtained. will have. The attacks carried out with the phishing technique described, especially financial online banking, etc. offered to customers by their institutions. targeting the services It provides access to users' bank accounts and in this way, users have a great economically damaged. It is determined that a website is phishing in the current technique. If it is done, action is taken to close the website, but for the detection of the attacker. No action can be taken by institutions. This is the attacker's attack it continues to do so. In addition, cyber attackers money account numbers used to steal tangible assets only user complaints As a result, it can be learned and blocked. User complaint to the institution until it is reached, the money account is usable by the attacker. Available to detect attacker information in cyber attacks carried out by phishing technique. There is no developed system for it. Therefore, phishing websites It brings with it the situation that the financial loss experienced through it cannot be prevented.
Mevcut teknikte internet üzerinde gerçeklestirilen dolandiriciliklarin tespiti için gelistirilmis sistemler mevcuttur. TR2017/01866 kullanicilara mobil cihaz ortamlarinda e-posta, SMS, anlik mesajlasma uygulamalari gibi kanallardan gelen oltalama mesajlarina karsi, oltalama saldirisi tespiti ve engelleme mekanizmasi saglayan bir sistemden bahsedilmektedir. Sistem saldirgana ait bilgilerin tespit edilmesini saglayan bir çözüm içermemektedir. It has been developed for the detection of frauds carried out on the internet in the current technique. systems are available. TR2017/01866 provides users with e-mail, SMS, Against phishing messages from channels such as instant messaging applications, phishing A system that provides attack detection and prevention mechanism is mentioned. System It does not contain a solution that allows the attacker's information to be detected.
Sonuçta yukarida bahsedilen ve mevcut teknik isiginda çözülemeyen sorunlar ilgili teknik alanda bir yenilik yapmayi zorunlu kilmistir. As a result, the above-mentioned problems that cannot be solved in the light of the current technique are related to the technical made it necessary to make an innovation in the field.
BULUSUN KISA AÇIKLAMASI Mevcut bulus yukarida bahsedilen dezavantajlari ortadan kaldirmak ve ilgili teknik alana yeni avantajlar getirmek üzere siber saldirgan tespit yöntemi ile ilgilidir. BRIEF DESCRIPTION OF THE INVENTION The present invention is intended to eliminate the above mentioned disadvantages and to introduce new technologies into the relevant technical field. It is about the cyber attacker detection method to bring advantages.
Bulusun ana amaci, oltalama yöntemi ile gerçeklestirilen siber saldirilarda saldirgan kimliginin belirlenmesini saglayan bir yöntem gelistirmektir. The main purpose of the invention is to attack the attacker in cyber attacks carried out by phishing method. is to develop a method that enables identification.
Bulusun bir diger amaci, saldirgan bilgilerinin tespit edilmesi sayesinde siber saldiriya maruz kalan kullanicilarin maddi kayiplarinin önlenmesini ve/veya geri kazanilmasini saglayan bir yöntem gelistirmektir. Another object of the invention is to detect cyber attackers by detecting attacker information. a system that ensures the prevention and / or recovery of financial losses of the remaining users. method development.
Bulusun bir diger amaci, siber saldirganlar için caydirici bir yöntem ortaya koymaktir. Another aim of the invention is to provide a deterrent method for cyber attackers.
Bulusun tercih edilen uygulamasinda finans sektöründe faaliyet gösteren ve oltalama amaciyla kullanilan sahte internet sitelerine odaklanilmistir. Saldirganlar tarafindan sahte oltalama internet sitesi vasitasiyla elde edilen bilgiler ile yasal kurumsal finans siteleri üzerinden kullanici hesaplarina erisilmekte ve kullanicinin maddi varligi saldirganlarin hesaplarina aktarilmaktadir. Bulusumuz, saldirganlarin bilgilerinin elde edilmesi ve gerekli mercilere iletilmesi yoluyla daha insanlara güvenli bir internet ortami sunmayi hedeflemektedir. In the preferred embodiment of the invention, those operating in the financial sector and The focus is on fake websites used for the purpose. fake by attackers Information obtained through the phishing website and legitimate corporate finance sites User accounts are accessed via transferred to their accounts. Our invention is to obtain the information of the attackers and to provide a more secure internet environment to people by forwarding it to the authorities aims.
Yukarida bahsedilen ve asagidaki detayli anlatimdan ortaya çikacak tüm amaçlari gerçeklestirmek üzere mevcut bulus, müsterilere hizmet vermek amaci ile kurulmus yasal bir kurumsal internet sitesini dolandiricilik amaciyla taklit eden sahte internet siteleri üzerinden oltalama yöntemi ile gerçeklestirilen siber saldirilarda saldirgan bilgilerinin elde edilmesini saglayan siber saldirgan tespit yöntemidir. Buna göre yöntem; siber saldirgan tarafindan dolandiricilik amaciyla olusturulmus olan sahte internet sitesine isaretlenmis kullanici verileri ile giris yapilmasi, bahsedilen sahte internet sitesine girilen isaretli verilerin siber saldirgan tarafindan dolandiricilik amaciyla alinarak yasal olarak hizmet veren bir kurumsal internet sitesine girilmesi, kurumsal internet sitesine girilen verilerin isaretli veri oldugunun girilen bilgileri analiz eden bir güvenlik duvari birimi tarafindan belirlenmesi ile saldirganin tespit edilmesi, tespit edilen saldirganin güvenlik duvari birimi tarafindan bahsedilen kurumsal internet sitesini taklit ederek saldirgan bilgilerini elde eden taklit internet sitesine yönlendirmesi, taklit internet sitesine giren saldirgan bilgilerinin ve/veya saldirganin taklit internet sitesine girmis oldugu bilgilerin ilgili güvenlik birimlerine iletilmesi Mevcut bulusun yapilanmasi ve ek elemanlarla birlikte avantajlarinin en iyi sekilde anlasilabilmesi için asagida açiklamasi yapilan sekiller ile birlikte degerlendirilmesi gerekir. All the above-mentioned purposes that will emerge from the detailed description below. The present invention is a legal entity established to serve customers. through fake websites that imitate the corporate website for fraudulent purposes Obtaining attacker information in cyber attacks carried out by phishing method. It is a cyber attacker detection method that provides Accordingly, the method; fake internet created by cyber attacker for fraudulent purposes logging into the website with marked user data, by the cyber attacker of the marked data entered into the said fake website. A corporate internet that provides legal services by being taken for fraudulent purposes entering the site, Analyze the entered information that the data entered on the corporate website is marked data. Detection of the attacker by detection by a firewall unit, enterprise mentioned by the detected attacker's firewall unit to the fake website that obtains the attacker information by imitating the website direction, the information of the attacker entering the fake website and/or the fake internet Transmitting the information entered on the website to the relevant security units The embodiment of the present invention and the best use of its advantages with additional elements In order to be understood, it should be evaluated together with the figures explained below.
SEKILLERIN KISA AçiKLAMAsi Sekil 1, bulusumuza konu olan yöntemin uygulandigi örnek bir sistemin görüntüsünü vermektedir. BRIEF DESCRIPTION OF THE FIGURES Figure 1 shows an example of a system where the method of our invention is applied. gives.
REFERANS NUMARALARI Sahte internet sitesi Kurumsal internet sitesi Güvenlik duvari birimi Taklit internet sitesi 8: Saldirgan BU LUSUN DETAYLI AÇIKLAMASI Bu detayli açiklamada, bulus konusu yenilik sadece konunun daha iyi anlasilmasina yönelik hiçbir sinirlayici etki olusturmayacak örneklerle açiklanmaktadir. REFERENCE NUMBERS fake website Corporate website firewall unit Imitation website 8: Offensive DETAILED DESCRIPTION OF THIS ITEM In this detailed description, the innovation that is the subject of the invention is only intended for a better understanding of the subject. It is explained with examples that will not have any limiting effect.
Sekil-1 bulusumuza konu olan yöntemin uygulandigi bir sistemin görüntüsünü vermektedir. Figure-1 gives an image of a system in which the method that is the subject of our invention is applied.
Bulusumuz, müsterilere hizmet vermek amaci ile kurulmus yasal bir kurumsal internet sitesini (2) dolandiricilik amaci ile taklit eden sahte internet siteleri (1) üzerinden oltalama yöntemi ile gerçeklestirilen siber saldirilarda saldirgan (S) bilgilerinin elde edilmesini saglayan siber saldirgan tespit yöntemidir. Bulusumuzun tercih dilen uygulamasinda finans sektöründe faaliyet gösteren sahte internet sitelerine (1) odaklanilmistir. Bulusumuz saldirgan (S) bilgilerinin elde edilmesi için kurumsal internet sitesini (2) taklit eden taklit internet sitesine (4) yönlendirme yöntemini kullanmaktadir. Ilk olarak isaretlenmis bir kullanici adi sifre kombinasyonunun bir güvenlik uzmani (U) tarafindan saldirgan (S) tarafindan olusturulmus olan sahte internet sitesine (1) girilmesiyle süreç aktif hale gelmektedir. Saldirgan (S) isaretli kullanici adi sifre kombinasyonunu oltaya düsen bir kullanici verisi olarak görecek ve kurumsal internet sitesine (2) giris yapacaktir. Kurumsal internet sitesi (2) üzerinde güvenlik kontrolünü gerçeklestiren bir güvenlik duvari birimi (3) giris yapmak isteyen kullanici bilgisinin isaretli oldugunu tespit ederek ve saldirganin (S) oturumunu saldirgan (S) bilgilerinin tespitini saglayan taklit internet sitesine (4) aktaracaktir. Taklit internet sitesi (4) güvenlik uzmanlari (U) tarafindan görünümde kurumsal internet sitesi (2) ile birebir ayni olarak dizayn edilmis ancak içerik, kullanici ve hesap bilgileri bakimindan taklit olan bir ortamdir. Saldirgan (S) taklit internet sitesine (4) girdiginde, çalmis oldugu kullanici hesabina eristigini ve her seyin onun için yolunda oldugunu düsünürken, saldirgan (S) hareketleri güvenlik uzmanlari (U) tarafindan takip edilmektedir. Saldirgan taklit internet sitesine (4) giris yaptigi anda lP adresi, ülke lokasyonu gibi erisim bilgilerini güvenlik uzmanlarina (U) teslim edilmektedir. Yine saldirgan giris yapmis oldugu hesaptan kendi banka hesabina para göndermeye çalistiginda kendi hesap bilgilerini de güvenlik uzmanlarina (U) iletmis olacaktir. Sonuç olarak güvenlik uzmanlari (U) saldirganin (S) hem erisim hem de banka hesabi bilgilerini elde etmis olacaktir. Elde edilen veriler gerekli mercilere taklit internet sitesi (4) üzerinden iletildiginde hem saldirganlarin (S) hesaplari iptal oldugu için isleri zorlasacak hem de saldirganlarin (8) güvenlik güçleri tarafindan yakalanma sürecini kolaylastiracaktir. Our invention is a legal corporate website established to serve customers. (2) by phishing through fake websites (1) that imitate for fraudulent purposes cyber attacks that enable the obtaining of attacker (S) information in cyber attacks. offensive detection method. In the preferred application of our invention, in the financial sector The focus is on fraudulent websites (1). Our invention is offensive (S) to the fake website (4) that imitates the corporate website (2) to obtain the information uses the routing method. A username and password marked first created by the attacker (S) by a security expert (U) of the combination The process becomes active by entering the fake website (1). Intruder marked (S) will see the username-password combination as a hooked user data, and will enter the corporate website (2). Security on the corporate website (2) A firewall unit (3) that performs the control of the user information that wants to log in Detecting the attacker (S) information by detecting that it is checked and logging the attacker (S) session It will transfer it to the imitative website (4) that provides it. Imitation website (4) security experts (U) designed exactly the same as the corporate website (2) in appearance. however, it is an imitation environment in terms of content, user and account information. Offensive (S) when he accesses the fake website (4), he says that he has accessed the user account he stole and that everything offensive (S) moves security experts (U) while he thinks it's alright for him is followed by. lP address as soon as the attacker logs into the impersonation website (4), Access information such as country location is delivered to security experts (U). Again when the attacker tries to send money from the logged in account to their bank account will have forwarded its own account information to the security experts (U). As a result, security experts (U) obtained both access and bank account information of the attacker (S) will be. When the data obtained is transmitted to the necessary authorities via the fake website (4) Since the accounts of the attackers (S) are canceled, things will be difficult and the attackers (8) It will facilitate the process of being caught by the security forces.
Claims (1)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TR2020/08876A TR202008876A1 (en) | 2020-06-09 | 2020-06-09 | CYBER ATTACK DETECTION METHOD |
PCT/TR2021/050373 WO2021251926A1 (en) | 2020-06-09 | 2021-04-22 | Cyber attacker detection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TR2020/08876A TR202008876A1 (en) | 2020-06-09 | 2020-06-09 | CYBER ATTACK DETECTION METHOD |
Publications (1)
Publication Number | Publication Date |
---|---|
TR202008876A1 true TR202008876A1 (en) | 2021-12-21 |
Family
ID=78846330
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TR2020/08876A TR202008876A1 (en) | 2020-06-09 | 2020-06-09 | CYBER ATTACK DETECTION METHOD |
Country Status (2)
Country | Link |
---|---|
TR (1) | TR202008876A1 (en) |
WO (1) | WO2021251926A1 (en) |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060161989A1 (en) * | 2004-12-13 | 2006-07-20 | Eran Reshef | System and method for deterring rogue users from attacking protected legitimate users |
TWI459232B (en) * | 2011-12-02 | 2014-11-01 | Inst Information Industry | Phishing site processing method, system and computer readable storage medium storing the method |
KR101462311B1 (en) * | 2012-05-18 | 2014-11-14 | (주)이스트소프트 | Method for preventing malicious code |
US10511628B1 (en) * | 2019-03-07 | 2019-12-17 | Lookout, Inc. | Detecting realtime phishing from a phished client or at a security server |
-
2020
- 2020-06-09 TR TR2020/08876A patent/TR202008876A1/en unknown
-
2021
- 2021-04-22 WO PCT/TR2021/050373 patent/WO2021251926A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2021251926A1 (en) | 2021-12-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Jakobsson et al. | Phishing and countermeasures: understanding the increasing problem of electronic identity theft | |
AU2002340207B2 (en) | Verification of a person identifier received online | |
Banu et al. | A comprehensive study of phishing attacks | |
AU2002340207A1 (en) | Verification of a person identifier received online | |
WO2008146292A2 (en) | System and method for security of sensitive information through a network connection | |
Sengupta et al. | e-Commerce security—A life cycle approach | |
Stewart | CompTIA Security+ Review Guide: Exam SY0-601 | |
Sonowal et al. | Introduction to phishing | |
TR202008876A1 (en) | CYBER ATTACK DETECTION METHOD | |
Morris | The future of netcrime now: Part 1–threats and challenges | |
Andersson et al. | Report from the IAB workshop on Unwanted Traffic March 9-10, 2006 | |
Ajish et al. | Secure mobile internet banking system using QR code and biometric authentication | |
Hegt | Analysis of current and future phishing attacks on internet banking services | |
Schneider et al. | Secure brokered delegation through delegaTEE | |
Sonowal et al. | Types of Phishing | |
Reuvid | The Secure Online Business Handbook: A Practical Guide to Risk Management and Business Continuity | |
Nemane et al. | An Anti-Phishing Strategy Based on Visual Cryptography | |
Mihai | Overview on phishing attacks | |
Ceesay | Mitigating phishing attacks: a detection, response and evaluation framework | |
Müller | Authentication and Transaction Security in E-business | |
Al-Fairuz | An investigation into the usability and acceptability of multi-channel authentication to online banking users in Oman | |
Kolchyn | Information and communication system for Online banking | |
Sreeram et al. | Quantify and alleviate OAuth approach token system exploiting by conspiracy lattice | |
Oberoi et al. | An Anti-Phishing Application for the End User | |
Bergman | E-fraud E-fraud, state of the art and counter measures |