Cynthia Dhinakaran,Dhinaharan Nagamalai,Jae Kwang Lee

DOI: https://doi.org/10.48550/arXiv.1108.1593

2011-08-08

Abstract:Spam messes up users inbox, consumes resources and spread attacks like DDoS, MiM, phishing etc. Phishing is a byproduct of email and causes financial loss to users and loss of reputation to financial institutions. In this paper we examine the characteristics of phishing and technology used by Phishers. In order to counter anti-phishing technology, phishers change their mode of operation; therefore a continuous evaluation of phishing only helps us combat phisher effectiveness. In our study, we collected seven hundred thousand spam from a corporate server for a period of 13 months from February 2008 to February 2009. From the collected data, we identified different kinds of phishing scams and mode of operation. Our observation shows that phishers are dynamic and depend more on social engineering techniques rather than software vulnerabilities. We believe that this study will develop more efficient anti-phishing methodologies. Based on our analysis, we developed an anti-phishing methodology and implemented in our network. The results show that this approach is highly effective to prevent phishing attacks. The proposed approach reduced more than 80% of the false negatives and more than 95% of phishing attacks in our network.

Cryptography and Security

Sanjeev Shukla,Manoj Misra,Gaurav Varshney

DOI: https://doi.org/10.1007/s10207-024-00871-7

2024-06-15

International Journal of Information Security

Abstract:Email bombing, a growingly prevalent and destructive cyber attack, involves inundating a target's email inbox with subscription confirmation messages from legitimate services. This type of attack, particularly challenging for conventional spam filters, is not easily detected as the emails often appear benign. In our research, we introduce an innovative real-time technique to identify and mitigate email bombing. Our method leverages a unique time gap threshold for attack detection, proving effective across various bombing types, including mass mailing and subscription bombing. Upon detecting an attack, we utilize a novel mechanism of nine features extracted from email headers to build a machine learning model. This model distinguishes between genuine and bombing emails with approximately 97% accuracy. Our study not only explores email bombing attacks but also offers a comprehensive solution, combining attack detection and a machine learning-based approach to accurately classify emails, thereby effectively mitigating such cyber threats.

computer science, information systems, theory & methods, software engineering

B. Issac,R. Chiong,S.M. Jacob

DOI: https://doi.org/10.48550/arXiv.1410.4672

2014-10-17

Abstract:One of the biggest problems with the Internet technology is the unwanted spam emails. The well disguised phishing email comes in as part of the spam and makes its entry into the inbox quite frequently nowadays. While phishing is normally considered a consumer issue, the fraudulent tactics the phishers use are now intimidating the corporate sector as well. In this paper, we analyze the various aspects of phishing attacks and draw on some possible defenses as countermeasures. We initially address the different forms of phishing attacks in theory, and then look at some examples of attacks in practice, along with their common defenses. We also highlight some recent statistical data on phishing scam to project the seriousness of the problem. Finally, some specific phishing countermeasures at both the user level and the organization level are listed, and a multi-layered anti-phishing proposal is presented to round up our studies.

Cryptography and Security

Dhinaharan Nagamalai,Cynthia Dhinakaran,Jae-Kwang Lee

DOI: https://doi.org/10.48550/arXiv.1012.0610

2010-12-03

Cryptography and Security

Abstract:Corporate mail services are designed to perform better than public mail services. Fast mail delivery, large size file transfer as an attachments, high level spam and virus protection, commercial advertisement free environment are some of the advantages worth to mention. But these mail services are frequent target of hackers and spammers. Distributed Denial of service attacks are becoming more common and sophisticated. The researchers have proposed various solutions to the DDOS attacks. Can we stop these kinds of attacks with available technology? These days the DDoS attack through spam has increased and disturbed the mail services of various organizations. Spam penetrates through all the filters to establish DDoS attacks, which causes serious problems to users and the data. In this paper we propose a novel approach to defend DDoS attack caused by spam mails. This approach is a combination of fine tuning of source filters, content filters, strictly implementing mail policies,educating user, network monitoring and logical solutions to the ongoing attack. We have conducted several experiments in corporate mail services; the results show that this approach is highly effective to prevent DDoS attack caused by spam. The novel defense mechanism reduced 60% of the incoming spam traffic and repelled many DDoS attacks caused by spam.

O. B. Longe,V. Mbarika,M. Kourouma,F. Wada,R. Isabalija

DOI: https://doi.org/10.48550/arXiv.1001.1993

2010-01-13

Abstract:The malaise of electronic spam mail that solicit illicit partnership using bogus business proposals (popularly called 419 mails) remained unabated on the internet despite concerted efforts. In addition to these are the emergence and prevalence of phishing scams that use social engineering tactics to obtain online access codes such as credit card number, ATM pin numbers, bank account details, social security number and other personal information (22). In an age where dependence on electronic transaction is on the increase, the web security community will have to devise more pragmatic measures to make the cyberspace safe from these demeaning ills. Understanding the perpetrators of internet crimes and their mode of operation is a basis for any meaningful effort towards stemming these crimes. This paper discusses the nature of the criminals engaged in fraudulent cyberspace activities with special emphasis on the Nigeria 419 scam mails. Based on a qualitative analysis and experiments to trace the source of electronic spam and phishing emails received over a six months period, we provide information about the scammers personalities, motivation, methodologies and victims. We posited that popular email clients are deficient in the provision of effective mechanisms that can aid users in identifying fraud mails and protect them against phishing attacks. We demonstrate, using state of the art techniques, how users can detect and avoid fraudulent emails and conclude by making appropriate recommendations based on our findings.

Cryptography and Security

M. Chathar Singh,P. Sumanth,S. Bala Sathyanarayana,G. Rithika

DOI: https://doi.org/10.53730/ijhs.v6ns3.7944

2022-05-26

International Journal of Health Sciences

Abstract:E-mail is one of the most widely recognised channels of communication, whether for personal or corporate purposes. The worst part about spam emails is that they intrude on user’s privacy without their consent, and the constant bombardment of spam mails fills up the user's entire email space. Additionally, the issue of wasting network capacity and time checking and deleting spam mails makes it an even more concerning issue. Although confrontation tactics are constantly being upgraded, the results of those methods are now unsatisfactory. Furthermore, phishing emails have been on the rise in recent years. To combat the issue of phishing emails, more effective phishing detection technology is required. We intend to create a phishing email detection tool that analyses the email structure first, using an upgraded Convolutional Neural Networks model with multilayer vectors and Long Short-Term Neural Network (LSTM) to model emails at the email header, character level, email content, and word level all at the same time. To assess the efficacy, we'll use an unbalanced dataset with actual phishing and genuine email ratios. The total accuracy of the experiment achieves a high percentage.

P-Y. Cousin,V. Bernard,A. Lefaillet,M. Mugaruka,C. Raibaud

DOI: https://doi.org/10.5121/csit.2017.70610

2017-06-21

Abstract:With the generalization of mobile communication systems, solicitations of all kinds in the form of messages and emails are received by users with increasing proportion of malicious ones. They are customized to pass anti-spam filters and ask the person to click or to open the joined dangerous attachment. Current filters are very inefficient against spear phishing emails. It is proposed to improve the existing filters by taking advantage of user own analysis and feedback to detect all kinds of phishing emails. The method rests upon an interface displaying different warnings to receivers. Analysis shows that users trust their first impression and are often lead to ignore warnings flagged by proposed new interactive system.

Cryptography and Security

Sibi Chakkaravarthy Sethuraman,Devi Priya V S,Tarun Reddi,Mulka Sai Tharun Reddy,Muhammad Khurram Khan

DOI: https://doi.org/10.1016/j.cose.2023.103600

IF: 5.105

2024-02-01

Computers & Security

Abstract:Attackers are becoming more skilled in recent years, using sophisticated technology to produce look-alike emails that make it difficult to distinguish between real and fake ones. Most false emails can be detected, but certain undiscovered ones can be dangerous and compromise security. The attacker compromises SMTP to launch an email spoofing attack. This is not difficult given that it was designed without any security safeguards. Spoofers typically exploit the various fields in email headers. By taking advantage of loopholes in email security systems, attackers can create an ideal spoofing mail. As a result, it appears as a reliable source and succeeds in phishing attempts. An in-depth analysis of the email process, its protocols, and authentication mechanisms along with the security measures and adoption rates that led to a variety of spoofing attacks has been examined in our work. Our experiments on renowned mail service suppliers observed that some of them are still vulnerable to associated flaws. Further, we analyzed how different aspects such as age and education, determine whether or not a message is spoofed, and how malware uses email as a command and control to compromise the victim's device and seize control of it. Further, it offers a multitude of mitigation strategies against spoofing attempts that aid aspirants in future research.

computer science, information systems

M. Tariq Banday,Jameel A. Qadri,Tariq. R. Jan,Nisar. A. Shah

DOI: https://doi.org/10.48550/arXiv.1112.5608

2011-12-24

Abstract:Fraud and terrorism have a close connect in terms of the processes that enables and promote them. In the era of Internet, its various services that include Web, e-mail, social networks, blogs, instant messaging, chats, etc. are used in terrorism not only for communication but also for i) creation of ideology, ii) resource gathering, iii) recruitment, indoctrination and training, iv) creation of terror network, and v) information gathering. A major challenge for law enforcement and intelligence agencies is efficient and accurate gathering of relevant and growing volume of crime data. This paper reports on use of established Naïve Bayesian filter for classification of threat e-mails. Efficiency in filtering threat e-mail by use of three different Naïve Bayesian filter approaches i.e. single keywords, weighted multiple keywords and weighted multiple keywords with keyword context matching are evaluated on a threat e-mail corpus created by extracting data from sources that are very close to terrorism.

Cryptography and Security

Dhinaharan Nagamalai,Cynthia Dhinakaran,Jae Kwang Lee

DOI: https://doi.org/10.48550/arXiv.1010.1583

2010-10-08

Cryptography and Security

Abstract:Corporate mail services are designed to perform better than public mail services. Fast mail delivery, large size file transfer as an attachments, high level spam and virus protection, commercial advertisement free environment are some of the advantages worth to mention. But these mail services are frequent target of hackers and spammers. Distributed Denial of service attacks are becoming more common and sophisticated. The researchers have proposed various solutions to the DDOS attacks. Can we stop these kinds of attacks with available technology? These days the DDoS attack through spam has increased and disturbed the mail services of various organizations. Spam penetrates through all the filters to establish DDoS attacks, which causes serious problems to users and the data. In this paper we propose a multilayer approach to defend DDoS attack caused by spam mails. This approach is a combination of fine tuning of source filters, content filters, strictly implementing mail policies, educating user, network monitoring and logical solutions to the ongoing attack. We have conducted several experiments in corporate mail services; the results show that this approach is highly effective to prevent DDoS attack caused by spam. The defense mechanism reduced 60% of the incoming spam traffic and repelled many DDoS attacks caused by spam

K. Kannoorpatti,M. Alazab,Bharanidharan Shanmugam,Asif Karim,S. Azam

DOI: https://doi.org/10.1109/ACCESS.2019.2954791

IF: 3.9

2019-11-20

IEEE Access

Abstract:The tremendously growing problem of phishing e-mail, also known as spam including spear phishing or spam borne malware, has demanded a need for reliable intelligent anti-spam e-mail filters. This survey paper describes a focused literature survey of Artificial Intelligence (AI) and Machine Learning (ML) methods for intelligent spam email detection, which we believe can help in developing appropriate countermeasures. In this paper, we considered 4 parts in the email’s structure that can be used for intelligent analysis: (A) Headers Provide Routing Information, contain mail transfer agents (MTA) that provide information like email and IP address of each sender and recipient of where the email originated and what stopovers, and final destination. (B) The SMTP Envelope, containing mail exchangers’ identification, originating source and destination domains\users. (C) First part of SMTP Data, containing information like from, to, date, subject – appearing in most email clients (D) Second part of SMTP Data, containing email body including text content, and attachment. Based on the number the relevance of an emerging intelligent method, papers representing each method were identified, read, and summarized. Insightful findings, challenges and research problems are disclosed in this paper. This comprehensive survey paves the way for future research endeavors addressing theoretical and empirical aspects related to intelligent spam email detection.

Computer Science

Umer Ahmed Butt,Rashid Amin,Hamza Aldabbas,Senthilkumar Mohan,Bader Alouffi,Ali Ahmadian

DOI: https://doi.org/10.1007/s40747-022-00760-3

IF: 6.7

2022-06-02

Complex & Intelligent Systems

Abstract:Abstract Cloud computing refers to the on-demand availability of personal computer system assets, specifically data storage and processing power, without the client's input. Emails are commonly used to send and receive data for individuals or groups. Financial data, credit reports, and other sensitive data are often sent via the Internet. Phishing is a fraudster's technique used to get sensitive data from users by seeming to come from trusted sources. The sender can persuade you to give secret data by misdirecting in a phished email. The main problem is email phishing attacks while sending and receiving the email. The attacker sends spam data using email and receives your data when you open and read the email. In recent years, it has been a big problem for everyone. This paper uses different legitimate and phishing data sizes, detects new emails, and uses different features and algorithms for classification. A modified dataset is created after measuring the existing approaches. We created a feature extracted comma-separated values (CSV) file and label file, applied the support vector machine (SVM), Naive Bayes (NB), and long short-term memory (LSTM) algorithm. This experimentation considers the recognition of a phished email as a classification issue. According to the comparison and implementation, SVM, NB and LSTM performance is better and more accurate to detect email phishing attacks. The classification of email attacks using SVM, NB, and LSTM classifiers achieve the highest accuracy of 99.62%, 97% and 98%, respectively.

computer science, artificial intelligence

B. B. Gupta,Nalin Asanka Gamagedara Arachchilage,Konstantinos E. Psannis

DOI: https://doi.org/10.48550/arXiv.1705.09819

2017-05-27

Abstract:Internet technology is so pervasive today, for example, from online social networking to online banking, it has made people's lives more comfortable. Due the growth of Internet technology, security threats to systems and networks are relentlessly inventive. One such a serious threat is "phishing", in which, attackers attempt to steal the user's credentials using fake emails or websites or both. It is true that both industry and academia are working hard to develop solutions to combat against phishing threats. It is therefore very important that organisations to pay attention to end-user awareness in phishing threat prevention. Therefore, the aim of our paper is twofold. First, we will discuss the history of phishing attacks and the attackers' motivation in details. Then, we will provide taxonomy of various types of phishing attacks. Second, we will provide taxonomy of various solutions proposed in literature to protect users from phishing based on the attacks identified in our taxonomy. Moreover, we have also discussed impact of phishing attacks in Internet of Things (IoTs). We conclude our paper discussing various issues and challenges that still exist in the literature, which are important to fight against with phishing threats.

Cryptography and Security

Fatima Salahdine,Zakaria El Mrabet,Naima Kaabouch

DOI: https://doi.org/10.1109/UEMCON53757.2021.9666627

2022-01-26

Abstract:Phishing attacks are one of the most common social engineering attacks targeting users emails to fraudulently steal confidential and sensitive information. They can be used as a part of more massive attacks launched to gain a foothold in corporate or government networks. Over the last decade, a number of anti-phishing techniques have been proposed to detect and mitigate these attacks. However, they are still inefficient and inaccurate. Thus, there is a great need for efficient and accurate detection techniques to cope with these attacks. In this paper, we proposed a phishing attack detection technique based on machine learning. We collected and analyzed more than 4000 phishing emails targeting the email service of the University of North Dakota. We modeled these attacks by selecting 10 relevant features and building a large dataset. This dataset was used to train, validate, and test the machine learning algorithms. For performance evaluation, four metrics have been used, namely probability of detection, probability of miss-detection, probability of false alarm, and accuracy. The experimental results show that better detection can be achieved using an artificial neural network.

Cryptography and Security,Machine Learning

Tejveer Singh,Manoj Kumar,Santosh Kumar

DOI: https://doi.org/10.1016/j.compeleceng.2024.109374

IF: 4.152

2024-06-20

Computers & Electrical Engineering

Abstract:Phishing has emerged as a significant cyber threat, resulting in huge financial frauds for internet users annually. This malicious activity uses social engineering and upgraded methodologies (like file archiver in the browser, content injection, calendar phishing, more convincing fake websites or emails, voice manipulation, or other tools designed to deceive and exploit the target's confidence) to extract sensitive information from unsuspected victims. In order to mitigate these attacks, several methods and tools have been devised; various detection techniques and block phishing websites, and browser extensions that notify users about suspicious websites. Our work elaborates on meticulous analysis of the detection of phishing attacks by classifying them into four broader categories based on the adopted methodologies like List-Based Detection, Heuristic-Based Detection, machine learning (ML)-based, and deep learning (DL)-based. Additionally, it summarizes the popular devised schemes, highlighting their advantages and limitations, and how these are suitable for the different types of deployments.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Sachin Shukla,Omid Mirzaei

DOI: https://doi.org/10.1145/3658644.3691381

2024-09-04

Abstract:In the pursuit of an effective spam detection system, the focus has often been on identifying known spam patterns either through rule-based detection systems or machine learning (ML) solutions that rely on keywords. However, both systems are susceptible to evasion techniques and zero-day attacks that can be achieved at low cost. Therefore, an email that bypassed the defense system once can do it again in the following days, even though rules are updated or the ML models are retrained. The recurrence of failures to detect emails that exhibit layout similarities to previously undetected spam is concerning for customers and can erode their trust in a company. Our observations show that threat actors reuse email kits extensively and can bypass detection with little effort, for example, by making changes to the content of emails. In this work, we propose an email visual similarity detection approach, named Pisco, to improve the detection capabilities of an email threat defense system. We apply our proof of concept to some real-world samples received from different sources. Our results show that email kits are being reused extensively and visually similar emails are sent to our customers at various time intervals. Therefore, this method could be very helpful in situations where detection engines that rely on textual features and keywords are bypassed, an occurrence our observations show happens frequently.

Cryptography and Security,Artificial Intelligence,Machine Learning

Said Salloum,Tarek Gaber,Sunil Vadera,Khaled Shaalan

DOI: https://doi.org/10.1016/j.procs.2021.05.077

2021-01-01

Procedia Computer Science

Abstract:Phishing is the most prevalent method of cybercrime that convinces people to provide sensitive information; for instance, account IDs, passwords, and bank details. Emails, instant messages, and phone calls are widely used to launch such cyber-attacks. Despite constant updating of the methods of avoiding such cyber-attacks, the ultimate outcome is currently inadequate. On the other hand, phishing emails have increased exponentially in recent years, which suggests a need for more effective and advanced methods to counter them. Numerous methods have been established to filter phishing emails, but the problem still needs a complete solution. To the best of our knowledge, this is the first survey that focuses on using Natural Language Processing (NLP) and Machine Learning (ML) techniques to detect phishing emails. This study provides an analysis of the numerous state-of-the-art NLP strategies currently in use to identify phishing emails at various stages of the attack, with an emphasis on ML strategies. These approaches are subjected to a comparative assessment and analysis. This gives a sense of the problem, its immediate solution space, and the expected future research directions.

Peace Nmachi Wosah

DOI: https://doi.org/10.5121/ijnsa.2023.15602

2023-12-07

Abstract:Emails are used every day for communication, and many countries and organisations mostly use email for official communications. It is highly valued and recognised for confidential conversations and transactions in day-to-day business. The Often use of this channel and the quality of information it carries attracted cyber attackers to it. There are many existing techniques to mitigate attacks on email, however, the systems are more focused on email content and behaviour and not securing entrances to email boxes, composition, and settings. This work intends to protect users' email composition and settings to prevent attackers from using an account when it gets hacked or hijacked and stop them from setting forwarding on the victim's email account to a different account which automatically stops the user from receiving emails. A secure code is applied to the composition send button to curtail insider impersonation attack. Also, to secure open applications on public and private devices.

Cryptography and Security

Safaa S I Ismail,Romany F Mansour,Rasha M Abd El-Aziz,Ahmed I Taloba

DOI: https://doi.org/10.1155/2022/7710005

2022-03-24

Abstract:In this modern era, each and everything is computerized, and everyone has their own smart gadgets to communicate with others around the globe without any range limitations. Most of the communication pathways belong to smart applications, call options in smartphones, and other multiple ways, but e-mail communication is considered the main professional communication pathway, which allows business people as well as commercial and noncommercial organizations to communicate with one another or globally share some important official documents and reports. This global pathway attracts many attackers and intruders to do a scam with such innovations; in particular, the intruders generate false messages with some attractive contents and post them as e-mails to global users. This kind of unnecessary and not needed advertisement or threatening mails is considered as spam mails, which usually contain advertisements, promotions of a concern or institution, and so on. These mails are also considered or called junk mails, which will be reflected as the same category. In general, e-mails are the usual way of message delivery for business oriented as well as any official needs, but in some cases there is a necessity of transferring some voice instructions or messages to the destination via the same e-mail pathway. These kinds of voice-oriented e-mail accessing are called voice mails. The voice mail is generally composed to deliver the speech aspect instructions or information to the receiver to do some particular tasks or convey some important messages to the receiver. A voice-mail-enabled system allows users to communicate with one another based on speech input which the sender can communicate to the receiver via voice conversations, which is used to deliver voice information to the recipient. These kinds of mails are usually generated using personal computers or laptops and exchanged via general e-mail pathway, or separate paid and nonpaid mail gateways are available to deal with certain mail transactions. The above-mentioned e-mail spam is considered in many past researches and attains some solutions, but in case of voice-based e-mail aspect, there will be no options to manage such kind of security parameters. In this paper, a hybrid data processing mechanism is handled with respect to both text-enabled and voice-enabled e-mails, which is called Genetic Decision Tree Processing with Natural Language Processing (GDTPNLP). This proposed approach provides a way of identifying the e-mail spam in both textual e-mails and speech-enabled e-mails. The proposed approach of GDTPNLP provides higher spam detection rate in terms of text extraction speed, performance, cost efficiency, and accuracy. These all will be explained in detail with graphical output views in the Results and Discussion.

Asiema Mwavali

DOI: https://doi.org/10.47604/ijts.2781

2024-07-15

International Journal of Technology and Systems

Abstract:Purpose: Phishing is a significant cybercrime threat that affects individuals and organizations globally, including the banking industry in Kenya. The sophistication of phishing attacks continues to increase, and it is increasingly challenging traditional security measures to mitigate these threats. The purpose of this thesis is to build a framework for mitigating phishing e-mail attacks in the banking industry in Kenya using artificial intelligence. Phishing emails are among the most common techniques of cyber-attacks utilized by assailants to gain unauthorized access to sensitive information such as financial details, personal information, and login credentials. These attacks can have devastating effects on the victims, leading to financial loss, reputation damage, and even identity theft. Methodology: The framework development consists of four main stages: data collection, data preprocessing, model training, and deployment. In the data collection stage, a dataset of phishing and non-phishing emails is gathered from various sources such as public databases, dark web forums, and bank employees mail. In the data preprocessing stage, the collected data is cleaned, preprocessed, and labeled. In the model training stage, machine learning algorithms and NLP techniques is used to develop a robust phishing and non-phishing emails detection model. In the deployment stage, the model is integrated into the bank's email system to detect and block phishing emails in real-time. The framework is then evaluated using a dataset of phishing and non-phishing e-mails collected from the banking industry in Kenya. Various metrics such as accuracy, precision, recall, and F1-score are used to evaluate the framework. The framework is able to detect new phishing e-mails that were not previously included in the dataset, demonstrating its ability to adapt to new threats. Findings: The framework is based on a hybrid approach that combines machine learning algorithms, natural language processing (NLP) techniques, and human expertise that identify and prevent phishing emails from reaching their targets. The four main components of this framework include e-mail filtering, feature extraction, classification, and response. The e-mail filtering component uses several algorithms to identify and filter suspicious e-mails. The feature extraction component analyzes the content of the e-mail and extracts relevant features to help classify the e-mail as either legitimate or phishing. The classification component uses machine-learning algorithms to classify the e-mail as either legitimate or phishing. Finally, the response component takes appropriate action based on the classification results. Unique Contribution to Theory, Practice and Policy: The framework provides an effective way to identify and mitigate phishing e-mail attacks, reducing the risk of data breaches and financial losses.