PREVENTION OF PHISHING ATTACKS: A THREE-PILLARED APPROACH

Abstract

This paper presents a three-pillared strategy for the prevention of phishing attacks. Phishing is a deceptive method of creating and distributing emails and/or websites that attempt to fool users into sharing sensitive financial or identification information. Current literature agrees that these scams can be highly damaging to companies, their employees, and their stakeholders. Unlike traditional scams, though, the Internet adds a layer of anonymity and even invisibility, making it far more difficult to identify the source of the scam, or, in some cases, masking the fact that a scam has been perpetrated. In this paper, we first review information about tactics that can effectively reduce the success rate of phishing attempts. We then formulate a three-pillared prevention strategy based on: (1) one-time passwords, (2) multi-level desktop barrier applications, and (3) behavior modification. By utilizing this approach, individuals and organizations should be better able to protect their information and decrease the damage caused by phishing attacks.