Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

Maher Aburrous, Alamgir Hossain, Keshav Dahal, Fadi Thabtah

    Research output: Contribution to journal › Article › peer-review

    44 Citations (Scopus)


    Phishing is a form of electronic identity theft in which a combination of social engineering and website spoofing techniques is used to trick a user into revealing confidential information with economic value. The difficulty with social engineering attacks is that no single solution eliminates them completely, since they deal largely with the human factor. This is why empirical experiments are crucial for studying and analyzing malicious and deceptive phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light on social engineering attacks, such as phone phishing and phishing website attacks, in order to design effective countermeasures and analyze the efficiency of raising security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing awareness training for all users and of doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and that alternative intelligent phishing detection approaches are needed.

    Original language: English
    Pages (from-to): 242-253
    Journal: Journal of Cognitive Computation
    Issue number: 3
    Publication status: Published - 2010

