Communications of the ACM
January 2012
Phishing is a kind of social engineering attack in which criminals use spoofed emails to trick people into sharing sensitive information or installing malware on their computers. This article presents an overview of phishing, surveying how these attacks work, why people fall for them, estimates of the damage they cause, and how to protect people from them.