Identifying Phishing Threats in Government Web Services

Yunsang Oh, Takashi Obi

Abstract


The governmental use of Web technologies, including e-Government, has many advantages for citizens, but progress in this relationship has highlighted information security as an important issue in preserving a citizen’s privacy. Unfortunately, unique governmental characteristics lead users to authenticate its service unwillingly; users may investigate service’s possible and likely vulnerabilities carelessly when perceiving trustworthiness. In this paper, we study a threat model about how government Web services become privacy leak targets, especially through phishing attacks. We identify three service characteristics, sensitivity, involuntarity, and linkability, and illustrate how phishers can effectively exploit these characteristics. Furthermore, we conducted a real phishing attack experiment, hijacking a government-certified commercial service in South Korea to complete our investigation. Finally, we propose mitigation strategies for building a trustworthy government Web service against phishing attacks.


Full Text:

PDF
Total views : 44 times

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.