{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T02:37:37Z","timestamp":1761964657194,"version":"3.41.2"},"reference-count":38,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2015,7,13]],"date-time":"2015-07-13T00:00:00Z","timestamp":1436745600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,7,13]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>\u2013 This paper aims to report on research that tests the effectiveness of anti-phishing tools in detecting phishing attacks by conducting some real-time experiments using freshly hosted phishing sites. Almost all modern-day Web browsers and antivirus programs provide security indicators to mitigate the widespread problem of phishing on the Internet.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>\u2013 The current work examines and evaluates the effectiveness of five popular Web browsers, two third-party phishing toolbar add-ons and seven popular antivirus programs in terms of their capability to detect locally hosted spoofed websites. The same tools have also been tested against fresh phishing sites hosted on Internet.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>\u2013 The experiments yielded alarming results. Although the success rate against live phishing sites was encouraging, only 3 of the 14 tools tested could successfully detect a single spoofed website hosted locally.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>\u2013 This work proposes the inclusion of domain name system server authentication and verification of name servers for a visiting website for all future anti-phishing toolbars. It also proposes that a Web browser should maintain a white list of websites that engage in online monetary transactions so that when a user requires to access any of these, the default protocol should always be HTTPS (Hypertext Transfer Protocol Secure), without which a Web browser should prevent the page from loading.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-02-2013-0009","type":"journal-article","created":{"date-parts":[[2015,6,10]],"date-time":"2015-06-10T13:45:13Z","timestamp":1433943913000},"page":"333-346","source":"Crossref","is-referenced-by-count":18,"title":["Examining the effectiveness of phishing filters against DNS based phishing attacks"],"prefix":"10.1108","volume":"23","author":[{"given":"Swapan","family":"Purkait","sequence":"first","affiliation":[]}],"member":"140","reference":[{"key":"key2020122223223541300_b1","doi-asserted-by":"crossref","unstructured":"Abu-Nimeh, S. (2008), \u201cBypassing security toolbars and phishing filters via DNS poisoning\u201d, IEEE GLOBECOM 2008: Proceeding of the Global Telecommunications Conference, New Orleans, LO, pp. 1-6.","DOI":"10.1109\/GLOCOM.2008.ECP.386"},{"key":"key2020122223223541300_b2","doi-asserted-by":"crossref","unstructured":"Anderson, K.B. , Durbin, E. and Salinger, M.A. (2008), \u201cIdentity theft\u201d, Journal of Economic Perspectives , Vol. 22 No. 2, pp. 171-192.","DOI":"10.1257\/jep.22.2.171"},{"key":"key2020122223223541300_b3","unstructured":"APWG (2014), \u201cPhishing activity trends report: anti-phishing working group (APWG)\u201d, available at: http:\/\/docs.apwg.org\/reports\/apwg_trends_report_q2_2014.pdf (accessed November 2014)."},{"key":"key2020122223223541300_b4","doi-asserted-by":"crossref","unstructured":"Bakhshi, T. , Papadaki, M. and Furnell, S. (2009), \u201cSocial engineering: assessing vulnerabilities in practice\u201d, Information Management & Computer Security , Vol. 17 No. 1, pp. 53-63.","DOI":"10.1108\/09685220910944768"},{"key":"key2020122223223541300_b5","unstructured":"Brody, R.G. , Mulig, E. and Kimball, V. (2007), \u201cPhishing, pharming and identity theft\u201d, Academy of Accounting and Financial Studies Journal , Vol. 11 No. 3, pp. 43-56."},{"key":"key2020122223223541300_b6","doi-asserted-by":"crossref","unstructured":"Chen, X. , Bose, I. , Leung, A.C.M. and Guo, C. (2010), \u201cAssessing the severity of phishing attacks: a hybrid data mining approach\u201d, Decision Support Systems , Vol. 50 No. 4, pp. 662-672.","DOI":"10.1016\/j.dss.2010.08.020"},{"key":"key2020122223223541300_b7","unstructured":"Chou, N. , Ledesma, R. , Teraguchi, Y. and Mitchell, J.C. (2004), \u201cClient-side defense against web-based identity theft\u201d, Proceedings of the Network and Distributed System Security Symposium, NDSS 2004 , San Diego, CA."},{"key":"key2020122223223541300_b8","doi-asserted-by":"crossref","unstructured":"Davinson, N. and Sillence, E. (2010), \u201cIt won\u2019t happen to me: promoting secure behaviour among internet users\u201d, Computers in Human Behaviour , Vol. 26 No. 6, pp. 1739-1747.","DOI":"10.1016\/j.chb.2010.06.023"},{"key":"key2020122223223541300_b9","doi-asserted-by":"crossref","unstructured":"Dhamija, R. , Tygar, J.D. and Hearst, M. (2006), \u201cWhy phishing works\u201d, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM Press, New York, NY, pp. 581-590.","DOI":"10.1145\/1124772.1124861"},{"key":"key2020122223223541300_b10","unstructured":"Download (2014), \u201cPhishing downloads \u2013 free software downloads and software reviews\u201d, available at: http:\/\/download.cnet.com\/1770-20_4-0.html?query=phishing & platform=Windows & searchtype=downloads (accessed November 2014)."},{"key":"key2020122223223541300_b38","unstructured":"Emigh, A. (2005), \u201cOnline identity theft: phishing technology, chokepoints and countermeasures\u201d, ITTC Report on Online Identity Theft Technology and Countermeasures , available at: www.antiphishing.org\/Phishing-dhs-report.pdf (accessed November 2010)."},{"key":"key2020122223223541300_b11","doi-asserted-by":"crossref","unstructured":"Fogg, B.J. , Marshall, J. , Laraki, O. , Osipovich, A. , Varma, C. , Fang, N. , Paul, J. , Rangnekar, A. , Shon, J. , Swani, S. and Treinen, A. (2001), \u201cWhat makes Web sites credible? A report on a large quantitative study\u201d, Proceedings of the SIGCHI conference on Human Factors in Computing Systems, Seattle, WA, March, pp. 61-68.","DOI":"10.1145\/365024.365037"},{"key":"key2020122223223541300_b12","doi-asserted-by":"crossref","unstructured":"Forte, D. (2009), \u201cAnatomy of a phishing attack: a high-level overview\u201d, Network Security , Vol. 2009 No. 4, pp. 17-19.","DOI":"10.1016\/S1353-4858(09)70042-X"},{"key":"key2020122223223541300_b13","doi-asserted-by":"crossref","unstructured":"Furnell, S.M. (2007), \u201cPhishing: can we spot the signs?\u201d, Computer Fraud & Security , Vol. 2007 No. 3, pp. 10-15.","DOI":"10.1016\/S1361-3723(07)70035-0"},{"key":"key2020122223223541300_b14","doi-asserted-by":"crossref","unstructured":"Furnell, S.M. (2009), \u201cThe irreversible march of technology\u201d, Information Security Technical Report , Vol. 14 No. 4, pp. 176-180.","DOI":"10.1016\/j.istr.2010.04.002"},{"key":"key2020122223223541300_b15","unstructured":"Google (2014), \u201cChanging the HTTPS setting \u201d gmail help\u201d, available at: http:\/\/support.google.com\/mail\/bin\/answer.py?hl=en & answer=74765 (accessed November 2014)."},{"key":"key2020122223223541300_b16","doi-asserted-by":"crossref","unstructured":"Herzberg, A. (2009), \u201cWhy Johnny can\u2019t surf (safely)? Attacks and defenses for web users\u201d, Computer & Security , Vol. 28 Nos 1\/2, pp. 63-71.","DOI":"10.1016\/j.cose.2008.09.007"},{"key":"key2020122223223541300_b17","unstructured":"Herzberg, A. and Jbara, A. (2008), \u201cSecurity and identification indicators for browsers against spoofing and phishing attacks\u201d, ACM Transactions on Internet Technology , Vol. 8 No. 4, Article 16."},{"key":"key2020122223223541300_b18","doi-asserted-by":"crossref","unstructured":"Hunter, P. (2006), \u201c2005 IT security highlights \u2013 the day of the amateur hacker has gone, but there are still plenty of amateur users\u201d, Computer Fraud & Security , Vol. 2006 No. 1, pp. 13-17.","DOI":"10.1016\/S1361-3723(06)70296-2"},{"key":"key2020122223223541300_b20","doi-asserted-by":"crossref","unstructured":"Jakobsson, M. , Johnson, N. and Finn, P. (2008), \u201cWhy and how to perform fraud experiments\u201d, IEEE Security and Privacy , Vol. 6 No. 2, pp. 66-68.","DOI":"10.1109\/MSP.2008.52"},{"key":"key2020122223223541300_b19","doi-asserted-by":"crossref","unstructured":"Jakobsson, M. , Tsow, A. , Shah, A. , Blevis, E. and Lim, Y.K. (2007), \u201cWhat instills trust? A qualitative study of phishing\u201d, Lecture Notes in Computer Science, Volume 4886 , Springer Verlag, Heidelberg, pp. 356-361.","DOI":"10.1007\/978-3-540-77366-5_32"},{"key":"key2020122223223541300_b21","doi-asserted-by":"crossref","unstructured":"Kang, J. and Lee, D. (2007), \u201cAdvanced white list approach for preventing access to phishing sites\u201d, Proceedings of International Conference on Convergence Information Technology, Gyeongju, pp. 491-496.","DOI":"10.1109\/ICCIT.2007.50"},{"key":"key2020122223223541300_b22","doi-asserted-by":"crossref","unstructured":"Li, L. and Helenius, M. (2007), \u201cUsability evaluation of anti-phishing toolbars\u201d, Journal in Computer Virology , Vol. 3 No. 2, pp. 163-184.","DOI":"10.1007\/s11416-007-0050-4"},{"key":"key2020122223223541300_b23","doi-asserted-by":"crossref","unstructured":"Liu, W. , Deng, X. , Huang, G. and Fu, A.Y. (2006), \u201cAn antiphishing strategy based on visual similarity assessment\u201d, Internet Computing, IEEE , Vol. 10 No. 2, pp. 58-65.","DOI":"10.1109\/MIC.2006.23"},{"key":"key2020122223223541300_b24","doi-asserted-by":"crossref","unstructured":"Mockapetris, P. (1987), \u201cDomain implementation and specification\u201d, Request for Comments: 1035 , available at: www.ietf.org\/rfc\/rfc1035.txt (accessed November 2010).","DOI":"10.17487\/rfc1035"},{"key":"key2020122223223541300_b25","doi-asserted-by":"crossref","unstructured":"Parno, B. , Kuo, C. and Perrig, A. (2006), \u201cPhoolproof phishing prevention\u201d, Financial Cryptography and Data Security: 10th International Conference , FC 2006 Anguilla, British West Indies, February 27 \u2013 March 2.","DOI":"10.1007\/11889663_1"},{"key":"key2020122223223541300_b26","unstructured":"PhishTank (2014), \u201cPhishTank > statistics about phishing activity and phishtank usage > May 2014\u201d, available at: www.phishtank.com\/stats\/2014\/05\/ (accessed November 2014)."},{"key":"key2020122223223541300_b27","doi-asserted-by":"crossref","unstructured":"Purkait, S. (2012), \u201cPhishing counter measures and their effectiveness \u2013 literature review\u201d, Information Management & Computer Security , Vol. 20 No. 5, pp. 382-420.","DOI":"10.1108\/09685221211286548"},{"key":"key2020122223223541300_b28","unstructured":"Purkait, S. (2012a), \u201cVirtual browser: an on-demand service to prevent phishing attacks\u201d, The IUP Journal of Information Technology , Vol. 8 No. 2, pp. 7-23."},{"key":"key2020122223223541300_b29","unstructured":"Purkait, S. (2012b), \u201cExploring the factors that influence an Internet user\u2019s ability to correctly identify phishing websites\u201d, The IUP Journal of Information Technology , Vol. 8 No. 3, pp. 7-38."},{"key":"key2020122223223541300_b30","doi-asserted-by":"crossref","unstructured":"Purkait, S. , De, S.K. and Suar, D. (2014), \u201cAn empirical investigation of the factors that influence internet user\u2019s ability to correctly identify a phishing website\u201d, Information Management & Computer Security , Vol. 22 No. 3.","DOI":"10.1108\/IMCS-05-2013-0032"},{"key":"key2020122223223541300_b31","unstructured":"RSA (2014), \u201cThe current state of cybercrime 2014\u201d, available at: www.emc.com\/auth\/collateral\/white-paper\/rsa-cyber-crime-report-0414.pdf (accessed November 2014)."},{"key":"key2020122223223541300_b32","doi-asserted-by":"crossref","unstructured":"Schechter, S.E. , Dhamija, R. , Ozment, A. and Fischer, I. (2007), \u201cThe emperor\u2019s new security indicators\u201d, SP \u201807 Proceedings of the 2007 IEEE Symposium on Security and Privacy, Berkeley, CA, pp. 51-65.","DOI":"10.1109\/SP.2007.35"},{"key":"key2020122223223541300_b33","doi-asserted-by":"crossref","unstructured":"Sharifi, M. and Siadati, S.H. (2008), \u201cA phishing sites blacklist generator\u201d, Proceedings of AICCSA 2008, IEEE\/ACS International Conference on Computer Systems and Applications, Doha, pp. 840-843.","DOI":"10.1109\/AICCSA.2008.4493625"},{"key":"key2020122223223541300_b34","unstructured":"Verisign (2014), \u201cThe domain name industry brief\u201d, Vol. 11 No. 2, available at: www.verisigninc.com\/assets\/domain-name-brief-july2014.pdf (accessed November 2014)."},{"key":"key2020122223223541300_b35","doi-asserted-by":"crossref","unstructured":"Wu, M. , Miller, R.C. and Garfinkel, S.L. (2006), \u201cDo security toolbars actually prevent phishing attacks?\u201d, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM Press, New York, NY, pp. 601-610.","DOI":"10.1145\/1124772.1124863"},{"key":"key2020122223223541300_b36","doi-asserted-by":"crossref","unstructured":"Zhang, W. , Luo, X. , Burd, S.D. and Seazzu, A.F. (2012), \u201cHow could i fall for that? Exploring phishing victimization with the heuristic-systematic model\u201d, Proceedings of the 45th Hawaii International Conference on System Science (HICSS), Maui, HI, pp. 2374-2380.","DOI":"10.1109\/HICSS.2012.302"},{"key":"key2020122223223541300_b37","unstructured":"Zhang, Y. , Egelman, S. , Cranor, L. and Hong, J. (2007), \u201cPhinding phish: an evaluation of anti-phishing tools\u201d, Proceedings of the ISOC Symposium on Network and Distributed System Security, Internet Society, San Diego, CA."}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-02-2013-0009","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2013-0009\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2013-0009\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:39Z","timestamp":1753406559000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/3\/333-346\/109571"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,7,13]]},"references-count":38,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2015,7,13]]}},"alternative-id":["10.1108\/ICS-02-2013-0009"],"URL":"https:\/\/doi.org\/10.1108\/ics-02-2013-0009","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2015,7,13]]}}}