References
[1]. Afroz, S., & Greenstadt, R. (2011). Phishzoo: Detecting
phishing websites by looking at them. In Semantic
Computing (ICSC), 2011 Fifth IEEE International
Conference on (pp. 368-375). IEEE.
[2]. Agari dmarc adoption report Open Season for
Phishers. Retrieved from https://www.agari.com/wpcontent/
uploads/2017/08/Agari_DMARC_Adoption_Rep
ort_PR1.pdf
[3]. Aggarwal, A., Rajadesingan, A., & Kumaraguru, P.
(2012). PhishAri: Automatic realtime phishing detection
on twitter. In eCrime Researchers Summit (eCrime), 2012
(pp. 1-12). IEEE.
[4]. Almomani, A., Gupta, B. B., Atawneh, S., Meulenberg,
A., & Almomani, E. (2013). A survey of phishing email
filtering techniques. IEEE Communications Surveys &
Tutorials, 15(4), 2070-2090.
[5]. Alnajim, A., & Munro, M. (2009). An anti-phishing
approach that uses training intervention for phishing websites detection. In Information Technology: New
Generations, 2009. ITNG'09. Sixth International
Conference on (pp. 405-410). IEEE.
[6]. Ardi, C., & Heidemann, J. (2016). Auntietuna:
Personalized content-based phishing detection. In NDSS
Usable Security Workshop (USEC).
[7]. Bergholz, A., De Beer, J., Glahn, S., Moens, M. F., Paaß,
G., & Strobel, S. (2010). New filtering approaches for
phishing email. Journal of Computer Security, 18(1), 7-35.
[8]. Steve. (2014). DKIM replay attacks Word to the Wise
[Blog Post]. Retrieved from https://wordtothewise.com/
2014/05/dkim-replay-attacks/
[9]. Bravo-Lillo, C., Komanduri, S., Cranor, L. F., Reeder, R.
W., Sleeper, M., Downs, J., & Schechter, S. (2013). Your
attention please: designing security-decision UIs to make
genuine risks harder to ignore. In Proceedings of the Ninth
Symposium on Usable Privacy and Security (p. 6). ACM.
[10]. Canfield, C. I., Fischhoff, B., & Davis, A. (2016).
Quantifying phishing susceptibility for detection and
behavior decisions. Human Factors, 58(8), 1158-1172.
[11]. Cao, Y., Han, W., & Le, Y. (2008). Anti-phishing based
on automated individual white-list. In Proceedings of the
th 4 ACM Workshop on Digital Identity Management (pp.
51-60). ACM.
[12]. Caputo, D. D., Pfleeger, S. L., Freeman, J. D., &
Johnson, M. E. (2014). Going spear phishing: Exploring
embedded training and awareness. IEEE Security &
Privacy, 12(1), 28-38.
[13]. Cardinal , D. (2012). Diving into DMARC: Can it really
end spam, or at least phishing? ExtremeTech. Retrieved
from https://www.extremetech.com/or-at-least-phishing
[14]. Chen, K. T., Chen, J. Y., Huang, C. R., & Chen, C. S.
(2009). Fighting phishing with discriminative keypoint
features. IEEE Internet Computing, 13(3), 56-63.
[15]. Chen, T. C., Dick, S., & Miller, J. (2010). Detecting
visually similar web pages: Application to phishing
detection. ACM Transactions on Internet Technology
(TOIT), 10(2), 5:1–5:38.
[16]. Chou, N., Ledesma, R., Teraguchi, Y., & Mitchell, J.
C. (2004). ClientSide Defense Against Web-Based Identity Theft (pp. 1-15). In NDSS.
[17]. Cimpanu, C. (2016). Toy Maker Mattel Loses $3M in
BEC Scam, Then Fights for it and Gets It Back. Retrieved
from https://news.softpedia.com/news/toy-makermattel-
loses-3m-in-bec-scam-then-fights-for-it-andgets-
it-back-502401.shtml
[18]. Cobb, M . (2011). The fight against phishing: Utilizing
SPF and DKIM authentication technology. Retrieved from
http://searchsecurity.techtarget.com/answer/The-fightagainst-
phishing-Utilizing-SPF-and-DKIM-authenticationtechnology
[19]. Comparison of DNS blacklists. (2017). In Wikipedia.
Retrieved from https://en.wikipedia.org/w/index.php?
title=Comparison_of_DNS_blacklists&oldid=79565
9445
[20]. Conway, D., Taib, R., Harris, M., Yu, K., Berkovsky, S.,
& Chen, F. (2017). A qualitative investigation of bank
employee experiences of information security and
phishing. In Thirteenth Symposium on Usable Privacy and
Security (SOUPS 2017) (pp. 115-129). USENIX Association.
[21]. Crowe, J. (2016). Phishing by the Numbers: Must-
Know Phishing Statistics 2016 [Blog Post]. Retrieved from
https://blog.barkly.com/phishing-statistics-2016
[22]. Cui, Q., Jourdan, G.V., Bochmann, G. V., Couturier,
R., & Onut, I.V. (2017). Tracking phishing attacks over time.
th In Proceedings of the 26 International Conference on
World Wide Web WWW '17 (pp. 667-676). Republic and
Canton of Geneva, Switzerland: International World Wide
Web Conferences Steering Committee.
[23]. Denning, T., Lerner, A., Shostack, A., & Kohno, T.
(2013). Control-Alt Hack: The design and evaluation of a
card game for computer security awareness and
education. In Proceedings of the 2013 ACM SIGSAC
Conference on Computer & Communications Security
CCS '13 (pp. 915– 928). New York, NY, USA: ACM.
[24]. Dewan, P., & Kumaraguru, P. (2015). Detecting
Malicious Content on Facebook. arXiv preprint
arXiv:1501.00802.
[25]. Dewan, P., & Kumaraguru, P. (2017). Facebook
Inspector (FbI): Towards automatic real-time detection of
malicious content on Facebook. Social Network Analysis and Mining, 7(1), 15.
[26]. Dewan, P., Bagroy, S., & Kumaraguru, P. (2016).
Hiding in plain sight: Characterizing and detecting
malicious Facebook pages. In 2016 IEEE/ACM
International Conference on Advances in Social
Networks Analysis and Mining (ASONAM), 193-196.
[27]. Dewan, P., Kashyap,A.,& Kumaraguru, P. (2014).
Analyzing social and stylometric features to identify spear
phishing emails. In 2014 APWG Symposium on Electronic
Crime Research (eCrime) (pp. 1-13).
[28]. DNSBL. (2017). In Wikipedia. Retrieved from
https://en.wikipedia.org/w/index.php?title=DNSBL&
oldid=800548089
[29]. Duman, S., Kalkan-Cakmakci, K., Egele, M.,
Robertson, W., & Kirda, E. (2016). Email Profiler:
Spearphishing filtering with header and stylometric
features of emails. In Computer Software and
th Applications Conference (COMPSAC), 2016 IEEE 40
Annual (Vol. 1, pp. 408-416). IEEE.
[30]. Durumeric, Z., Adrian, D., Mirian, A., Kasten, J.,
Bursztein, E., Lidzborski, N., & Halderman, J. A. (2015).
Neither snow nor rain nor MITM...: An empirical analysis of
email delivery security. In Proceedings of the 2015
Internet Measurement Conference (pp. 27-39). ACM.
[31]. Egelman, S., Cranor, L. F., & Hong, J. (2008). You've
been warned: An empirical study of the effectiveness of
web browser phishing warnings. In Proceedings of the
SIGCHI Conference on Human Factors in Computing
Systems (pp. 1065-1074). ACM.
[32]. Email Security or Anti-Phishing PhyllisTM | Wombat
Security. (2017). Retrieved from https://www.wombat
security.com/training-modules/email-security-or-antiphishing-
phyllis
[33]. Equifax or Equiphish? — Krebs on Security. (2017).
Retrieved from https://krebsonsecurity.com/2017/09/
equifax-or-equiphish/
[34]. Felt, A. P., Reeder, R. W., Ainslie, A., Harris, H., Walker,
M., Thompson, C.,... & Consolvo, S. (2016). Rethinking
Connection Security Indicators. In SOUPS (pp. 1-14).
[35]. Ferguson, A. J. (2005). Fostering E-Mail Security Awareness: The West Point Carronade. EDUCASE
Quarterly, 1. Retrieved March 22, 2006 from
http://www.educause.edu/ ir/library/pdf/eqm0517.pdf
[36]. Fette, I., Sadeh, N., & Tomasic, A. (2007). Learning to
th detect phishing emails. In Proceedings of the 16
International Conference on World Wide Web (pp. 649-
656). ACM.
[37]. Fox-Brewster, T. (2016). Who's Better at Phishing
Twitter, Me Or Artificial Intelligence? Retrieved from
h t t p s : / / w w w. f o r b e s. c o m / s i t e s / t h o m a s b r e w s t e r /
2016/07/25/artificial-intelligence-phishing- twitter-bots
[38]. Gaffney, G. (2011). The Myth of the stupid user.
Information & Design. Retrieved from http://infodesign.
com.au/usabilityresources/articles/themythofthestu
piduser/
[39]. Garera, S., Provos, N., Chew, M., & Rubin, A. D.
(2007). A framework for detection and measurement of
phishing attacks. In Proceedings of the 2007 ACM
workshop on Recurring malcode (pp. 1-8). ACM.
[40]. Google Chrome Privacy Whitepaper. (2017).
Retrieved from https://www.google.co.in/chrome/
browser/privacy/whitepaper.html
[41]. Google Safe Browsing. (2017). In Wikipedia.
Retrieved from https://en.wikipedia.org/wiki/Google_
Safe_Browsing
[42]. Gorling, S. (2006). The Myth of User Education. In
th Proceedings of the 16 Virus Bulletin International
Conference.
[43]. Hara, M., Yamada, A., & Miyake, Y. (2009). Visual
similarity-based phishing detection without victim site
information. In Computational Intelligence in Cyber
Security, 2009. CICS'09. IEEE Symposium on (pp. 30-36).
IEEE.
[44]. He, M., Horng, S. J., Fan, P., Khan, M. K., Run, R. S., Lai,
J. L., ...& Sutanto, A. (2011). An efficient phishing
webpage detector. Expert Systems with Applications,
38(10), 12018-12027.
[45]. Herley, C. (2009). So long, and no thanks for the
externalities: the rational rejection of security advice by
users. In Proceedings of the 2009 Workshop on New security paradigms workshop (pp. 133-144). ACM.
[46]. Ho, G., Sharma, A., Javed, M., Paxson, V., & Wagner,
D. (2017). Detecting Credential Spearphishing in
th Enterprise Settings. In 26 Security Symposium (pp. 469-
485). USENIX Association.
[47]. Hong, J. (2012). The state of phishing attacks.
Communications of the ACM, 55(1), 74-81.
[48]. Internet Crime Complaint Center (IC3) (2016).
Business E-mail Compromise: The 3.1 Billion Dollar Scam.
Retrieved from https://www.ic3.gov/media/2016/
160614.aspx
[49]. Jackson, C., Simon, D. R., Tan, D. S., & Barth, A.
(2007). An evaluation of extended validation and picturein-
picture phishing attacks. In International Conference
on Financial Cryptography and Data Security (pp. 281-
293). Springer, Berlin, Heidelberg.
[50]. Jagatic, T. N., Johnson, N. A., Jakobsson, M., &
Menczer, F. (2007). Social phishing. Communications of
the ACM, 50(10), 94-100.
[51]. Jain, A. K., & Gupta, B. B. (2017). Phishing detection:
Analysis of visual similarity based approaches. Security
and Communication Networks, 2017.
[52]. Kennedy, M. (2017). After Massive Data Breach,
Equifax Directed Customers to Fake Site. Retrieved from
h t t p : / / w w w. n p r. o r g / s e c t i o n s / t h e t w o -w a y / 2 0 1 7 /
09/21/552681357/after-massive-data-breach-equifaxdirected-
customers-to-fake-site
[53]. Khonji, M., Iraqi, Y., & Jones, A. (2011). Mitigation of
spear phishing attacks: A content-based authorship
identification framework. In Internet Technology and
Secured Transactions (ICITST), 2011 International
Conference on (pp. 416-421). IEEE.
[54]. Khonji, M., Iraqi, Y., & Jones, A. (2013). Phishing
detection: A literature survey. IEEE Communications
Surveys & Tutorials, 15(4), 2091-2121.
[55]. Kumaraguru, P. (2009). Phishguru: A system for
educating users about semantic attacks. Carnegie
Mellon University.
[56]. Kumaraguru, P., Cranshaw, J., Acquisti, A., Cranor,
L., Hong, J., Blair, M. A., & Pham, T. (2009). School of phish: A real-world evaluation of anti-phishing training. In
th Proceedings of the 5 Symposium on Usable Privacy and
Security (p. 3). ACM.
[57]. Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L. F.,
Hong, J., & Nunge, E. (2007). Protecting people from
phishing: The design and evaluation of an embedded
training email system. In Proceedings of the SIGCHI
Conference on Human Factors in Computing Systems
(pp. 905-914). ACM.
[58]. Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L. F.,
& Hong, J. (2010). Teaching Johnny not to fall for phish.
ACM Transactions on Internet Technology (TOIT), 10(2), 7.
[59]. Lastdrager, E., Gallardo, I. C., Hartel, P., & Junger, M.
(2017). How Effective is Anti-Phishing Training for Children?
In Symposium on Usable Privacy and Security (SOUPS).
[60]. Lin, E., Greenberg, S., Trotter, E., Ma, D., & Aycock, J.
(2011). Does domain highlighting help people identify
phishing sites? In Proceedings of the SIGCHI Conference
on Human Factors in Computing Systems (pp. 2075-
2084). ACM.
[61]. Ludl, C., McAllister, S., Kirda, E., & Kruegel, C. (2007).
On the effectiveness of techniques to detect phishing
sites. In International Conference on Detection of
Intrusions and Malware, and Vulnerability Assessment (pp.
20-39). Springer, Berlin, Heidelberg.
[62]. Ma, J., Saul, L. K., Savage, S., & Voelker, G. M. (2009).
Beyond blacklists: learning to detect malicious web sites
th from suspicious URLs. In Proceedings of the 15 ACM
SIGKDD International Conference on Knowledge
Discovery and Data Mining (pp. 1245-1254). ACM.
[63]. Muncaster, P. (2017). Social Media Phishing Attacks
Soar 500%. Retrieved from https://www.infosecuritymagazine.
com/news/social-media-phishing-attackssoar/
[64]. New York State Office of Cyber Security & Critical
Infrastructure Coordination. Gone Phishing. A Briefing on
the Anti-Phishing Exercise Initiative for New York State
Government. Aggregate Exercise Results for public
release.
[65]. Nicholson, J., Coventry, L., & Briggs, P. (2017). Can
we fight social engineering attacks by social means? Assessing social salience as a means to improve phish
detection. In Thirteenth Symposium on Usable Privacy and
Security (SOUPS 2017) (pp. 285-298). USENIX Association.
[66]. Oliveira, D., Rocha, H., Yang, H., Ellis, D.,
Dommaraju, S., Muradoglu, M., ... & Ebner, N. (2017).
Dissecting spear phishing emails for older vs young adults:
On the interplay of weapons of influence and life domains
in predicting susceptibility to phishing. In Proceedings of
the 2017 CHI Conference on Human Factors in
Computing Systems (pp. 6412-6424). ACM.
[67]. Phishing Activity Trends Report. Retrieved from
http://docs.apwg.org/reports/apwg_trends_report_q4_2
016.pdf
[68]. Phishing Scamsat All-TimeHigh, Employee Training
NotKeeping Pace | Wombat Security. (2017). Retrieved
from https://www.wombatsecurity.com/about/news/
phishing-scams-all-time-high-employee-training-notkeeping-
pace
[69]. Phishing threatens today’s economy. (2017). In NY
Times. Retrieved from https://cdn2.hubspot.net/hub/
372792/file-1519503800-pdf/ Phishing Threatens Todays
Economy NY Times FINAL.pdf
[70]. PhishTank > Frequently Asked Questions (FAQ).
(2017). Retrieved from http://www.phishtank.com/faq.
php#howisphishtankdiffer
[71]. PhishTank> Friends of PhishTank. (2017). Retrieved
from https://www.phishtank.com/friends.php
[72]. Postmaster Tools – Google. (2017). Retrieved from
https://gmail.com/ postmaster/
[73]. Prakash, P., Kumar, M., Kompella, R. R., & Gupta, M.
(2010). Phishnet: Predictive blacklisting to detect phishing
attacks. In INFOCOM, 2010 Proceedings IEEE (pp. 1-5).
IEEE.
[74]. Ramesh, G., Krishnamurthi, I., & Kumar, K. S. S.
(2014). An efficacious method for detecting phishing
webpages through target domain identification. Decision
Support Systems, 61, 12-22.
[75]. Robertson, A. (2017). Google Docs users hit with
sophisticated phishing attack. Retrieved from
https://www.theverge.com/2017/5/3/15534768/googledocs-phishing-attack-share-this-document-with-youspam
[76]. Rosiello, A. P., Kirda, E., & Ferrandi, F. (2007). A layoutsimilarity-
based approach for detecting phishing pages.
In Security and Privacy in Communications Networks and
the Workshops, 2007. SecureComm 2007. Third
International Conference on (pp. 454-463). IEEE.
[77]. Sachs, D. (2013). How to Take Down a Phishing Site: 5
Crucial Steps. Retrieved from http://info.brand
protect.com/blog/blog/bid/88212/how-to- take-down-aphishing-
site-5-crucial-steps
[78]. Schechter, S. E., Dhamija, R., Ozment, A., & Fischer, I.
(2007). The emperor's new security indicators. In Security
and Privacy, 2007. SP'07. IEEE Symposium on (pp. 51-65).
IEEE.
[79]. Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L. F.,
& Downs, J. (2010). Who falls for phish?: A demographic
analysis of phishing susceptibility and effectiveness of
interventions. In Proceedings of the SIGCHI Conference
on Human Factors in Computing Systems (pp. 373-382).
ACM.
[80]. Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A.,
Cranor, L. F., Hong, J., & Nunge, E. (2007). Anti-phishing
phil: The design and evaluation of a game that teaches
rd people not to fall for phish. In Proceedings of the 3
Symposium on Usable Privacy and Security (pp. 88-99).
ACM.
[81]. Sheng, S., Wardman, B., Warner, G., Cranor, L. F.,
Hong, J., & Zhang, C. (2009). An empirical analysis of
phishing blacklists. In CEAS 2009 - Sixth Conference on
Email and Anti-Spam.
[82]. Social engineering (security) page Version ID:
800193757. (2017). In Wikipedia. Retrieved from
https://en.wikipedia. org/wiki/Webserver_directory_index
[83]. Stringhini, G., & Thonnard, O. (2015). That ain't you:
Blocking spearphishing through behavioral modelling. In
International Conference on Detection of Intrusions and
Malware, and Vulnerability Assessment (pp. 78-97).
Springer, Cham.
[84]. The Spamhaus Project Frequently Asked Questions
(FAQ). (2017). Retrieved from https://www.spamhaus.org/ faq/section/Spamhaus20DBL#371
[85]. Thunderbird's Scam Detection | Thunderbird Help
(2017). Retrieved from https://support.mozilla.org/en-
US/kb/thunderbirds-scam-detection#wthunderbirdsautomatic-
scam-filtering
[86]. Toolan, F., & Carthy, J. (2009). Phishing detection
using classifier ensembles. In eCrime Researchers
Summit, 2009. eCRIME'09 (pp. 1-9). IEEE.
[87]. Vaas, L. (2016). How hackers broke into John
Podesta, DNC Gmail accounts – Naked Security.
Retrieved from https://nakedsecurity.sophos.com/
2016/10/25/how-hackers-broke-into-john-podesta-dncgmail-
accounts/
[88]. Vishwanath, A. (2014). Habitual Facebook use and
its impact on getting deceived on social media. Journal
of Computer-Mediated Communication, 20(1), 83-98.
[89]. Wang, J., Li, Y., & Rao, H. R. (2016). Overconfidence
in phishing email detection. Journal of the Association for
Information Systems, 17(11), 759-783.
[90]. Weinberg, N. (2013). How to blunt spear phishing
attacks?. Retrieved from https://www.networkworld.com/
article/2164139/network-security/how-to-blunt-spearphishing-
attacks.html
[91]. Welcome to APWG & CMU's Phishing Education
Landing Page (2017). Retrieved from http://phishphisheducation.
apwg.org/r/en/index.htm
[92]. Wen, Z. A., Li, Y., Wade, R., Huang, J., & Wang, A.
(2017). What.Hack: Learn Phishing Email Defence the Fun
Way. In Proceedings of the 2017 CHI Conference
Extended Abstracts on Human Factors in Computing
Systems (pp. 234-237). ACM.
[93]. Wenyin, L., Liu, G., Qiu, B., & Quan, X. (2012).
Antiphishing through phishing target discovery. IEEE
Internet Computing, 16(2), 52-61.
[94]. Whittaker, C., Ryner, B., & Nazif, M. (2010). Largescale
automatic classification of phishing pages. In NDSS
(Vol. 10, p. 2010).
[95]. Wu, M., Miller, R. C., & Garfinkel, S. L. (2006). Do
security toolbars actually prevent phishing attacks?, In
Proceedings of the SIGCHI Conference on Human
Factors in Computing Systems (pp. 601-610). ACM.
[96]. Zhang, H., Liu, G., Chow, T. W., & Liu, W. (2011).
Textual and visual content-based anti-phishing: A
Bayesian approach. IEEE Transactions on Neural
Networks, 22(10), 1532-1546.
[97]. Zhang, Y., Hong, J. I., & Cranor, L. F. (2007). Cantina:
a content-based approach to detecting phishing web
th sites. In Proceedings of the 16 International Conference
on World Wide Web (pp. 639-648). ACM.
