Identifying the critical indicators for phishing detection in Iranian e-banking system

Phishing is a type of electronic identity theft in which a combination of social engineering and website spoofing techniques is used to deceive a user into giving away confidential information with economic value. Phishing has flourished exponentially together with the expansion of the Internet. This flourish and the development of technology has not only benefitted Internet users, but also has enabled criminals to enhance their influence which has caused profound damage to this budding area of commerce. Moreover, it has negatively impacted on both the user and online business, breaking down the trust relationship between them. Developing countries like Iran are new to cyber threats such as phishing and due to cultural and social differences, the phishing techniques used by phishers can be different. Relatively the method of detection can be customized to increase efficiency. Identifying the critical phishing characteristics is one of important prerequisites of designing a precise phishing detection system. In this paper we made a survey to find overriding phishing indicators which best fits websites of Iranian banks. We prepared a questionnaire to access experts´ viewpoints about the degree of importance of each indicator regarding e-banking in Iran. After gathering respondent data, we used Exploratory Factor Analysis to determine the critical indicators which are effective for phishing detection in Iranian e-banking system.