K. Beznosov and O. Beznosova, On the imbalance of the security problem space and its expected consequences, Information Management & Computer Security, vol.15, issue.5, pp.420-431, 2007.
DOI : 10.1108/09685220710831152

M. Cobb, Preventing phishing attacks: Enterprise best practices, SearchSecurity.co.uk, 2010.

C. Colwill, Human factors in information security: The insider threat ??? Who can you trust these days?, Information Security Technical Report, vol.14, issue.4, pp.1-11, 2010.
DOI : 10.1016/j.istr.2010.04.004

R. Dhamija, J. D. Tygar, and M. Hearst, Why phishing works, Proceedings of the SIGCHI conference on Human Factors in computing systems , CHI '06, pp.581-590, 2006.
DOI : 10.1145/1124772.1124861

J. S. Downs, M. Holbrook, and L. F. Cranor, Behavioral response to phishing risk, Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit on , eCrime '07, pp.37-44, 2007.
DOI : 10.1145/1299015.1299019
URL : http://repository.cmu.edu/cgi/viewcontent.cgi?article=1044&context=isr

C. E. Drake, J. J. Oliver, and E. J. Koontz, Anatomy of a Phishing Email, Conference on Email and Anti-Spam (CEAS). Citeseer, 2004.

S. Egelman, L. F. Cranor, and J. Hong, You've been warned, Proceeding of the twenty-sixth annual CHI conference on Human factors in computing systems , CHI '08, pp.106-1074, 2008.
DOI : 10.1145/1357054.1357219

I. Fette, N. Sadeh, and A. Tomasic, Learning to detect phishing emails, Proceedings of the 16th international conference on World Wide Web , WWW '07, pp.649-656, 2007.
DOI : 10.1145/1242572.1242660
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.90.3251

E. D. Frauenstein and R. Von-solms, Phishing: How an organisation can protect itself, Information Security South Africa, pp.253-268, 2009.

E. D. Frauenstein and R. Von-solms, The Wild Wide West of Social Networking Sites. South African Information Security Multi-Conference, Proceedings of the 7 th World Conference on Information Security Education 9-10, pp.74-88, 2010.

S. Garera, N. Provos, M. Chew, and A. D. Rubin, A framework for detection and measurement of phishing attacks, Proceedings of the 2007 ACM workshop on Recurring malcode, WORM '07, pp.1-8, 2007.
DOI : 10.1145/1314389.1314391

A. Herzberg, A. Jbara, and G. Hinson, Security and identification indicators for browsers against spoofing and phishing attacks, ACM Transactions on Internet Technology, vol.8, issue.4, pp.1-36, 2003.
DOI : 10.1145/1391949.1391950

M. Jakobsson, The Human Factor in Phishing. Privacy & Security of Consumer Information, p.7

S. Kraemer, P. Carayon, and J. Clem, Human and organizational factors in computer and information security: Pathways to vulnerabilities, Computers & Security, vol.28, issue.7, pp.509-520, 2009.
DOI : 10.1016/j.cose.2009.04.006

P. Kumaraguru, S. Sheng, A. Acquisti, L. F. Cranor, and J. Hong, Teaching Johnny not to fall for phish, ACM Transactions on Internet Technology, vol.10, issue.2, pp.1-31, 2010.
DOI : 10.1145/1754393.1754396
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.206.5718

N. Leavitt, Instant messaging: a new target for hackers, Computer, vol.38, issue.7, pp.20-33, 2005.
DOI : 10.1109/MC.2005.234

K. D. Mitnick, W. L. Simon, and S. Wozniack, The Art of Deception: Controlling the Human Element of Security, 2002.

C. Ohaya, Managing phishing threats in an organization, Proceedings of the 3rd annual conference on Information security curriculum development , InfoSecCD '06, pp.159-161, 2006.
DOI : 10.1145/1231047.1231083

G. Ollman, The Phishing Guide (white paper), http://www.ngssoftware.com, 2008.

G. L. Orgill, G. W. Romney, M. G. Bailey, and P. M. Orgill, The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems, Proceedings of the 5th conference on Information technology education , CITC5 '04, pp.177-181, 2004.
DOI : 10.1145/1029533.1029577

D. Patel and X. Luo, Take a close look at phishing, Proceedings of the 4th annual conference on Information security curriculum development, InfoSecCD '07, pp.1-4, 2007.
DOI : 10.1145/1409908.1409943

T. Raffetseder, E. Kirda, and C. Kruegel, Building Anti-Phishing Browser Plug-Ins: An Experience Report, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007), 2007.
DOI : 10.1109/SESS.2007.6
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.149.3249

S. A. Robila and J. W. Ragucci, Don't be a phish: steps in user education In: 11th annual SIGCSE conference on Innovation and technology in computer science education, pp.237-241, 2006.

S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. F. Cranor et al., Anti-Phishing Phil, Proceedings of the 3rd symposium on Usable privacy and security, SOUPS '07, pp.88-99, 2007.
DOI : 10.1145/1280680.1280692

. Sophos, Phishing and the threat to corporate networks (white paper), 2005.

K. Thomson, R. Von-solms, and L. Louw, Cultivating an organizational information security culture, Computer Fraud & Security, vol.2006, issue.10, 2006.
DOI : 10.1016/S1361-3723(06)70430-4

S. H. Von-solms and R. Von-solms, Information Security Governance, 2009.
DOI : 10.1007/978-0-387-79984-1

R. Werlinger, K. Hawkey, and K. Beznosov, Human, Organizational and Technological Challenges of Implementing IT Security in Organizations In: Human Aspects of Information Security and Assurance, Proceedings of the 7 th World Conference on Information Security Education 9-10, pp.35-48, 2008.

M. Wu, R. C. Miller, and S. L. Garfinkel, Do security toolbars actually prevent phishing attacks?, Proceedings of the SIGCHI conference on Human Factors in computing systems , CHI '06, pp.601-610, 2006.
DOI : 10.1145/1124772.1124863
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.136.7624

Y. Zhang, J. I. Hong, and L. F. Cranor, Cantina, Proceedings of the 16th international conference on World Wide Web , WWW '07, pp.639-648
DOI : 10.1145/1242572.1242659