{"title":"Phishing within e-commerce: A trust and confidence game","authors":"Gregory M Megaw, Stephen Flowerday","doi":"10.1109/ISSA.2010.5588333","DOIUrl":null,"url":null,"abstract":"E-Commerce has been plagued with problems since its inception and this paper examines one of these problems: The lack of user trust in E-commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology has not only benefitted honest Internet users, but has enabled criminals to increase their effectiveness which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted on both the user and online business, breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered; firstly, e-commerce's vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within e-commerce are identified, and with that, the areas of vulnerability and weakness. Secondly, the methods and techniques used in phishing such as phishing emails, phishing websites and addresses, distributed attacks and redirected attacks as well as the data that phishers seek to obtain, is examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is explored. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. 
Finally, the paper presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, Email Authentication, Data Cryptography, Communication, and Active Risk Mitigation.","PeriodicalId":423118,"journal":{"name":"2010 Information Security for South Africa","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Information Security for South Africa","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSA.2010.5588333","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3
Abstract
E-Commerce has been plagued with problems since its inception and this paper examines one of these problems: the lack of user trust in e-commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology have not only benefitted honest Internet users, but have enabled criminals to increase their effectiveness, which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted both the user and online business, breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered. Firstly, e-commerce's vulnerability to phishing attacks: by referring to the Common Criteria Security Model, various critical security areas within e-commerce are identified, and with that, the areas of vulnerability and weakness. Secondly, the methods and techniques used in phishing, such as phishing emails, phishing websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is explored. Here the importance of Trust and the Uncertainty Reduction Theory, plus the fine balance between trust and control, is explored. Finally, the paper presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, Email Authentication, Data Cryptography, Communication, and Active Risk Mitigation.