Bowen He,Yuan Chen,Zhuo Chen,Xiaohui Hu,Yufeng Hu,Lei Wu,Rui Chang,Haoyu Wang,Yajin Zhou

DOI: https://doi.org/10.1145/3576915.3623210

2023-01-01

Abstract:The prosperity of Ethereum attracts many users to send transactions and trade crypto assets. However, this has also given rise to a new form of transaction-based phishing scam, named TXPHISH. Specifically, tempted by high profits, users are tricked into visiting fake websites and signing transactions that enable scammers to steal their crypto assets. The past year has witnessed 11 large-scale TXPHISH incidents causing a total loss of more than $70 million. In this paper, we conduct the first empirical study of TXPHISH on Ethereum, encompassing the process of a TXPHISH campaign and details of phishing transactions. To detect TXPHISH websites and extract phishing accounts automatically, we present TxPhishScope, which dynamically visits the suspicious websites, triggers transactions, and simulates results. Between November 25, 2022, and July 31, 2023, we successfully detected and reported 26,333 TXPHISH websites and 3,486 phishing accounts. Among all of documented TXPHISH websites, 78.9% of them were first reported by us, making TxPhishScope the largest TXPHISH website detection system. Moreover, we provided criminal evidence of four phishing accounts and their fund flow totaling $1.5 million to aid in the recovery of funds for the victims. In addition, we identified bugs in six Ethereum projects and received appreciation. Based on the detection results, we perform a comprehensive study of TXPHISH websites and phishing accounts. Our study reveals that TXPHISH websites have a short lifespan, low cost, and fast update frequency. Besides, Our analysis of phishing fund flow demonstrates that 54.0% of phishing funds ($43.7 million) flowed into centralized exchanges, where the identity of owners could be traced. Our research can serve as a valuable reference for Ethereum service providers to safeguard their users against TXPHISH and assist in the recovery of victims' crypto assets.

Xi Chen,Indranil Bose,Alvin Leung,Chenhui Guo

2009-01-01

Abstract:We assess the severity of phishing attacks in terms of their risk levels and the potential loss in market value to the firms. We analyze 1,030 phishing alerts released on a public database as well as financial data related to the targeted firms using a hybrid text and data mining method that predicts the severity of the attack with high accuracy. Our research identifies the important textual and financial variables that impact the severity of the attacks and determine that different antecedents influence risk level and potential financial loss associated with phishing attacks.

Anupama Aggarwal,Ashwin Rajadesingan,Ponnurangam Kumaraguru

DOI: https://doi.org/10.48550/arXiv.1301.6899

2013-01-29

Abstract:With the advent of online social media, phishers have started using social networks like Twitter, Facebook, and Foursquare to spread phishing scams. Twitter is an immensely popular micro-blogging network where people post short messages of 140 characters called tweets. It has over 100 million active users who post about 200 million tweets everyday. Phishers have started using Twitter as a medium to spread phishing because of this vast information dissemination. Further, it is difficult to detect phishing on Twitter unlike emails because of the quick spread of phishing links in the network, short size of the content, and use of URL obfuscation to shorten the URL. Our technique, PhishAri, detects phishing on Twitter in realtime. We use Twitter specific features along with URL features to detect whether a tweet posted with a URL is phishing or not. Some of the Twitter specific features we use are tweet content and its characteristics like length, hashtags, and mentions. Other Twitter features used are the characteristics of the Twitter user posting the tweet such as age of the account, number of tweets, and the follower-followee ratio. These Twitter specific features coupled with URL based features prove to be a strong mechanism to detect phishing tweets. We use machine learning classification techniques and detect phishing tweets with an accuracy of 92.52%. We have deployed our system for end-users by providing an easy to use Chrome browser extension which works in realtime and classifies a tweet as phishing or safe. We show that we are able to detect phishing tweets at zero hour with high accuracy which is much faster than public blacklists and as well as Twitter's own defense mechanism to detect malicious content. To the best of our knowledge, this is the first realtime, comprehensive and usable system to detect phishing on Twitter.

Social and Information Networks,Physics and Society

Yun Lin,Ruofan Liu,Dinil Mon Divakaran,Jun Yang Ng,Qing Zhou Chan,Yiwen Lu,Yuxuan Si,Fan Zhang,Jin Song Dong

2021-01-01

Abstract:Recent years have seen the development of phishing detection and identification approaches to defend against phishing attacks. Phishing detection solutions often report binary results, i.e., phishing or not, without any explanation. In contrast, phishing identification approaches identify phishing webpages by visually comparing webpages with predefined legitimate references and report phishing along with its target brand, thereby having explainable results. However, there are technical challenges in visual analyses that limit existing solutions from being effective (with high accuracy) and efficient (with low runtime overhead), to be put to practical use. In this work, we design a hybrid deep learning system, Phishpedia, to address two prominent technical challenges in phishing identification, i.e., (i) accurate recognition of identity logos on webpage screenshots, and (ii) matching logo variants of the same brand. Phishpedia achieves both high accuracy and low runtime overhead. And very importantly, different from common approaches, Phishpedia does not require training on any phishing samples. We carry out extensive experiments using real phishing data; the results demonstrate that Phishpedia significantly outperforms baseline identification approaches (EMD, PhishZoo, and LogoSENSE) in accurately and efficiently identifying phishing pages. We also deployed Phishpedia with CertStream service and discovered 1,704 new real phishing websites within 30 days, significantly more than other solutions; moreover, 1,133 of them are not reported by any engines in VirusTotal.

Anargyros Chrysanthou,Yorgos Pantis,Constantinos Patsakis

DOI: https://doi.org/10.1016/j.cose.2024.103780

IF: 5.105

2024-02-25

Computers & Security

Abstract:In an era dominated by digital interactions, phishing campaigns have evolved to exploit not just technological vulnerabilities but also human traits. This study takes an unprecedented deep dive into large-scale phishing campaigns aimed at Meta's users, offering a dual perspective on the technical mechanics and human elements involved. Analysing data from over 25,000 victims worldwide, we highlight the nuances of these campaigns, from the intricate techniques deployed by the attackers to the sentiments and behaviours of those targeted. Unlike prior research conducted in controlled environments, this investigation capitalises on the vast, diverse, and genuine data extracted directly from active phishing campaigns, allowing for a more holistic understanding of the drivers, facilitators, and human factors. Through applying advanced computational techniques, including natural language processing and machine learning, this work unveils critical insights into the psyche of victims and the evolving tactics of modern phishers. Our analysis illustrates very poor password selection choices from the victims, with 30.27% of them picking low-complexity passwords and 58.23% reusing leaked passwords. Additionally, more than 10% exhibit strong persistence in re-victimisation by posting again to the phishing platforms of the same phishers. Finally, we reveal many correlations regarding demographics and the time periods when victims are more vulnerable during the day, as well as analyse the sentiment, emotion, and tone of text responses that they submitted, illustrating how convinced they were of the scam.

computer science, information systems

Weibo Chu,Bin B. Zhu,Feng Xue,Xiaohong Guan,Zhongmin Cai

DOI: https://doi.org/10.1109/ICC.2013.6654816

2013-01-01

Abstract:Phishing is the third cyber-security threat globally and the first cyber-security threat in China. There were 61.69 million phishing victims in China alone from June 2011 to June 2012, with the total annual monetary loss more than 4.64 billion US dollars. These phishing attacks were highly concentrated in targeting at a few major Websites. Many phishing Webpages had a very short life span. In this paper, we assume the Websites to protect against phishing attacks are known, and study the effectiveness of machine learning based phishing detection using only lexical and domain features, which are available even when the phishing Webpages are inaccessible. We propose several novel highly effective features, and use the real phishing attack data against Taobao and Tencent, two main phishing targets in China, in studying the effectiveness of each feature, and each group of features. We then select an optimal set of features in our phishing detector, which has achieved a detection rate better than 98%, with a false positive rate of 0.64% or less. The detector is still effective when the distribution of phishing URLs changes.

Fiona Carroll,John Ayooluwa Adejobi,Reza Montasari

DOI: https://doi.org/10.1007/s42979-022-01069-1

Abstract:Phishing attacks are on the increase. The fact that our ways of living, studying and working have drastically changed as a result of the COVID pandemic (i.e., almost everything being done online) has created many new cyber security concerns. In particular, with the move to remote working, the number of phishing emails threatening employees has increased. The 2020 Phishing Attack Landscape Report (Greathorn: 2020 Phishing attack landscape. https://info.greathorn.com/report-2020-phishing-attack-landscape/, 2020) highlights a sharp increase in the frequency of attempted phishing attacks. In this paper, we are interested in how the phishing email attack has evolved to this very threatening state. In detail, we explore the current phishing attack characteristics especially the growing challenges that have emerged as a result of the COVID-19 pandemic. The paper documents a study that presented test participants with five different categories of emails (including phishing and non phishing) . The findings from the study show that participants, generally, found it difficult to detect modern phishing email attacks. Saying that, participants were alert to the spelling mistakes of the older phishing email attacks, sensitive information being requested from them and any slight change to what they were normally used to from an email. Moreover, we have found that people were not confident, worried and often dissatisfied with the current technologies available to protect them against phishing emails. In terms of trust, these feelings alerted us to the increasing severity of the phishing attack situation and just how vulnerable society has become/ still is.

Daniele Lain,Kari Kostiainen,Srdjan Capkun

DOI: https://doi.org/10.48550/arXiv.2112.07498

2021-12-14

Cryptography and Security

Abstract:In this paper, we present findings from a large-scale and long-term phishing experiment that we conducted in collaboration with a partner company. Our experiment ran for 15 months during which time more than 14,000 study participants (employees of the company) received different simulated phishing emails in their normal working context. We also deployed a reporting button to the company's email client which allowed the participants to report suspicious emails they received. We measured click rates for phishing emails, dangerous actions such as submitting credentials, and reported suspicious emails. The results of our experiment provide three types of contributions. First, some of our findings support previous literature with improved ecological validity. One example of such results is good effectiveness of warnings on emails. Second, some of our results contradict prior literature and common industry practices. Surprisingly, we find that embedded training during simulated phishing exercises, as commonly deployed in the industry today, does not make employees more resilient to phishing, but instead it can have unexpected side effects that can make employees even more susceptible to phishing. And third, we report new findings. In particular, we are the first to demonstrate that using the employees as a collective phishing detection mechanism is practical in large organizations. Our results show that such crowd-sourcing allows fast detection of new phishing campaigns, the operational load for the organization is acceptable, and the employees remain active over long periods of time.

Avisha Das,Shahryar Baki,Ayman El Aassal,Rakesh Verma,Arthur Dunbar

DOI: https://doi.org/10.48550/arXiv.1911.00953

2019-11-04

Abstract:Phishing and spear-phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. We reexamine the existing research on phishing and spear-phishing from the perspective of the unique needs of the security domain, which we call security challenges: real-time detection, active attacker, dataset quality and base-rate fallacy. We explain these challenges and then survey the existing phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving existing solutions. We organize the existing literature based on detection techniques for different attack vectors (e.g., URLs, websites, emails) along with studies on user awareness. For detection techniques, we examine properties of the dataset, feature extraction, detection algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear-phishing, and email masquerade attacks of the future, as well as provide a framework for a thorough evaluation and comparison.

Cryptography and Security

Daniel Timko,Daniel Hernandez Castillo,Muhammad Lutfor Rahman

2024-05-30

Abstract:With the booming popularity of smartphones, threats related to these devices are increasingly on the rise. Smishing, a combination of SMS (Short Message Service) and phishing has emerged as a treacherous cyber threat used by malicious actors to deceive users, aiming to steal sensitive information, money or install malware on their mobile devices. Despite the increase in smishing attacks in recent years, there are very few studies aimed at understanding the factors that contribute to a user's ability to differentiate real from fake messages. To address this gap in knowledge, we have conducted an online survey on smishing detection with 187 participants. In this study, we presented them with 16 SMS screenshots and evaluated how different factors affect their decision making process in smishing detection. Next, we conducted a post-survey to garner information on the participants' security attitudes, behavior and knowledge. Our results highlighted that attention and security behavioral scores had a significant impact on participants' accuracy in identifying smishing messages. We found that participants had more difficulty identifying real messages from fake ones, with an accuracy of 67.1% with fake messages and 43.6% with real messages. Our study is crucial in developing proactive strategies to encounter and mitigate smishing attacks. By understanding what factors influence smishing detection, we aim to bolster users' resilience against such threats and create a safer digital environment for all.

Cryptography and Security,Human-Computer Interaction

Anargyros Chrysanthou,Yorgos Pantis,Constantinos Patsakis

2023-10-05

Abstract:In an era dominated by digital interactions, phishing campaigns have evolved to exploit not just technological vulnerabilities but also human traits. This study takes an unprecedented deep dive into large-scale phishing campaigns aimed at Meta's users, offering a dual perspective on the technical mechanics and human elements involved. Analysing data from over 25,000 victims worldwide, we highlight the nuances of these campaigns, from the intricate techniques deployed by the attackers to the sentiments and behaviours of those who were targeted. Unlike prior research conducted in controlled environments, this investigation capitalises on the vast, diverse, and genuine data extracted directly from active phishing campaigns, allowing for a more holistic understanding of the drivers, facilitators, and human factors. Through the application of advanced computational techniques, including natural language processing and machine learning, this work unveils critical insights into the psyche of victims and the evolving tactics of modern phishers. Our analysis illustrates very poor password selection choices from the victims but also persistence in the revictimisation of a significant part of the users. Finally, we reveal many correlations regarding demographics, timing, sentiment, emotion, and tone of the victims' responses.

Cryptography and Security

Mohit Singhal,Nihal Kumarswamy,Shreyasi Kinhekar,Shirin Nilizadeh

DOI: https://doi.org/10.1609/icwsm.v17i1.22189

2022-08-18

Abstract:Prior work has extensively studied misinformation related to news, politics, and health, however, misinformation can also be about technological topics. While less controversial, such misinformation can severely impact companies' reputations and revenues, and users' online experiences. Recently, social media has also been increasingly used as a novel source of knowledgebase for extracting timely and relevant security threats, which are fed to the threat intelligence systems for better performance. However, with possible campaigns spreading false security threats, these systems can become vulnerable to poisoning attacks. In this work, we proposed novel approaches for detecting misinformation about cybersecurity and privacy threats on social media, focusing on two topics with different types of misinformation: phishing websites and Zoom's security & privacy threats. We developed a framework for detecting inaccurate phishing claims on Twitter. Using this framework, we could label about 9% of URLs and 22% of phishing reports as misinformation. We also proposed another framework for detecting misinformation related to Zoom's security and privacy threats on multiple platforms. Our classifiers showed great performance with more than 98% accuracy. Employing these classifiers on the posts from Facebook, Instagram, Reddit, and Twitter, we found respectively that about 18%, 3%, 4%, and 3% of posts were misinformation. In addition, we studied the characteristics of misinformation posts, their authors, and their timelines, which helped us identify campaigns.

Computers and Society,Cryptography and Security,Social and Information Networks

B. Issac,R. Chiong,S.M. Jacob

DOI: https://doi.org/10.48550/arXiv.1410.4672

2014-10-17

Abstract:One of the biggest problems with the Internet technology is the unwanted spam emails. The well disguised phishing email comes in as part of the spam and makes its entry into the inbox quite frequently nowadays. While phishing is normally considered a consumer issue, the fraudulent tactics the phishers use are now intimidating the corporate sector as well. In this paper, we analyze the various aspects of phishing attacks and draw on some possible defenses as countermeasures. We initially address the different forms of phishing attacks in theory, and then look at some examples of attacks in practice, along with their common defenses. We also highlight some recent statistical data on phishing scam to project the seriousness of the problem. Finally, some specific phishing countermeasures at both the user level and the organization level are listed, and a multi-layered anti-phishing proposal is presented to round up our studies.

Cryptography and Security

Furkan Çolhak,Mert İlhan Ecevit,Bilal Emir Uçar,Reiner Creutzburg,Hasan Dağ

2024-07-10

Abstract:The way we communicate and work has changed significantly with the rise of the Internet. While it has opened up new opportunities, it has also brought about an increase in cyber threats. One common and serious threat is phishing, where cybercriminals employ deceptive methods to steal sensitive information.This study addresses the pressing issue of phishing by introducing an advanced detection model that meticulously focuses on HTML content. Our proposed approach integrates a specialized Multi-Layer Perceptron (MLP) model for structured tabular data and two pretrained Natural Language Processing (NLP) models for analyzing textual features such as page titles and content. The embeddings from these models are harmoniously combined through a novel fusion process. The resulting fused embeddings are then input into a linear classifier. Recognizing the scarcity of recent datasets for comprehensive phishing research, our contribution extends to the creation of an up-to-date dataset, which we openly share with the community. The dataset is meticulously curated to reflect real-life phishing conditions, ensuring relevance and applicability. The research findings highlight the effectiveness of the proposed approach, with the CANINE demonstrating superior performance in analyzing page titles and the RoBERTa excelling in evaluating page content. The fusion of two NLP and one MLP model,termed MultiText-LP, achieves impressive results, yielding a 96.80 F1 score and a 97.18 accuracy score on our research dataset. Furthermore, our approach outperforms existing methods on the CatchPhish HTML dataset, showcasing its efficacies.

Cryptography and Security,Artificial Intelligence

Amir Kashapov,Tingmin Wu,Alsharif Abuadbba,Carsten Rudolph

DOI: https://doi.org/10.48550/arXiv.2203.13380

2022-03-25

Abstract:Cyber-phishing attacks recently became more precise, targeted, and tailored by training data to activate only in the presence of specific information or cues. They are adaptable to a much greater extent than traditional phishing detection. Hence, automated detection systems cannot always be 100% accurate, increasing the uncertainty around expected behavior when faced with a potential phishing email. On the other hand, human-centric defence approaches focus extensively on user training but face the difficulty of keeping users up to date with continuously emerging patterns. Therefore, advances in analyzing the content of an email in novel ways along with summarizing the most pertinent content to the recipients of emails is a prospective gateway to furthering how to combat these threats. Addressing this gap, this work leverages transformer-based machine learning to (i) analyze prospective psychological triggers, to (ii) detect possible malicious intent, and (iii) create representative summaries of emails. We then amalgamate this information and present it to the user to allow them to (i) easily decide whether the email is "phishy" and (ii) self-learn advanced malicious patterns.

Cryptography and Security,Machine Learning

Marzieh Bitaab,Haehyun Cho,Adam Oest,Penghui Zhang,Zhibo Sun,Rana Pourmohamad,Doowon Kim,Tiffany Bao,Ruoyu Wang,Yan Shoshitaishvili,Adam Doupé,Gail-Joon Ahn

DOI: https://doi.org/10.48550/arXiv.2103.12843

2021-03-24

Abstract:As the COVID-19 pandemic started triggering widespread lockdowns across the globe, cybercriminals did not hesitate to take advantage of users' increased usage of the Internet and their reliance on it. In this paper, we carry out a comprehensive measurement study of online social engineering attacks in the early months of the pandemic. By collecting, synthesizing, and analyzing DNS records, TLS certificates, phishing URLs, phishing website source code, phishing emails, web traffic to phishing websites, news articles, and government announcements, we track trends of phishing activity between January and May 2020 and seek to understand the key implications of the underlying trends. We find that phishing attack traffic in March and April 2020 skyrocketed up to 220\% of its pre-COVID-19 rate, far exceeding typical seasonal spikes. Attackers exploited victims' uncertainty and fear related to the pandemic through a variety of highly targeted scams, including emerging scam types against which current defenses are not sufficient as well as traditional phishing which outpaced the ecosystem's collective response.

Cryptography and Security

Tosin Ige,Christopher Kiekintveld,Aritran Piplai,Amy Waggler,Olukunle Kolade,Bolanle Hafiz Matti

2024-11-24

Abstract:Phishing is one of the most effective ways in which cybercriminals get sensitive details such as credentials for online banking, digital wallets, state secrets, and many more from potential victims. They do this by spamming users with malicious URLs with the sole purpose of tricking them into divulging sensitive information which is later used for various cybercrimes. In this research, we did a comprehensive review of current state-of-the-art machine learning and deep learning phishing detection techniques to expose their vulnerabilities and future research direction. For better analysis and observation, we split machine learning techniques into Bayesian, non-Bayesian, and deep learning. We reviewed the most recent advances in Bayesian and non-Bayesian-based classifiers before exploiting their corresponding weaknesses to indicate future research direction. While exploiting weaknesses in both Bayesian and non-Bayesian classifiers, we also compared each performance with a deep learning classifier. For a proper review of deep learning-based classifiers, we looked at Recurrent Neural Networks (RNN), Convolutional Neural Networks (CNN), and Long Short Term Memory Networks (LSTMs). We did an empirical analysis to evaluate the performance of each classifier along with many of the proposed state-of-the-art anti-phishing techniques to identify future research directions, we also made a series of proposals on how the performance of the under-performing algorithm can improved in addition to a two-stage prediction model

Cryptography and Security,Artificial Intelligence,Machine Learning

Mingxuan Liu,Yiming Zhang,Baojun Liu,Zhou Li,Haixin Duan,Donghong Sun

DOI: https://doi.org/10.1145/3485832.3488012

2021-01-01

Abstract:Although spearphishing is a well-known security issue and has been widely researched, it is still an evolving threat with emerging forms. In recent years, Short Message Service (SMS) has been revealed as a new distribution channel for spearphishing messages, which already has caused a serious impact in the real world, but has not yet attracted enough attention from the academic community. In this paper, we report the first systemic study to spotlight this emerging threat, SMS spearphishing attack. Through cooperating with a leading security vendor, we obtain 31.96M real-world spam messages that span three months. We design and implement a novel NLP-based detection algorithm, and uncover 90,801 spearphishing messages on the entire dataset. And then, a large-scale measurement was performed on the detected messages to reveal and understand the characteristics of SMS spearphishing attack. Our findings are multi-fold. We discover that SMS spearphishing has a significant negative impact on the real-world, and a large number of victims have been affected. And the distribution of active illicit types between spearphishing message and common spam is quite inconsistent. At the micro-level, to evade detection and increase the probability of success, adversary campaigns have evolved a set of sophisticated strategies. Our research highlights the impact of SMS spearphishing attack is prominent. We call on different communities to work together to mitigate this emerging security threat.

Tejveer Singh,Manoj Kumar,Santosh Kumar

DOI: https://doi.org/10.1016/j.compeleceng.2024.109374

IF: 4.152

2024-06-20

Computers & Electrical Engineering

Abstract:Phishing has emerged as a significant cyber threat, resulting in huge financial frauds for internet users annually. This malicious activity uses social engineering and upgraded methodologies (like file archiver in the browser, content injection, calendar phishing, more convincing fake websites or emails, voice manipulation, or other tools designed to deceive and exploit the target's confidence) to extract sensitive information from unsuspected victims. In order to mitigate these attacks, several methods and tools have been devised; various detection techniques and block phishing websites, and browser extensions that notify users about suspicious websites. Our work elaborates on meticulous analysis of the detection of phishing attacks by classifying them into four broader categories based on the adopted methodologies like List-Based Detection, Heuristic-Based Detection, machine learning (ML)-based, and deep learning (DL)-based. Additionally, it summarizes the popular devised schemes, highlighting their advantages and limitations, and how these are suitable for the different types of deployments.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Cynthia Dhinakaran,Dhinaharan Nagamalai,Jae Kwang Lee

DOI: https://doi.org/10.48550/arXiv.1108.1593

2011-08-08

Abstract:Spam messes up users inbox, consumes resources and spread attacks like DDoS, MiM, phishing etc. Phishing is a byproduct of email and causes financial loss to users and loss of reputation to financial institutions. In this paper we examine the characteristics of phishing and technology used by Phishers. In order to counter anti-phishing technology, phishers change their mode of operation; therefore a continuous evaluation of phishing only helps us combat phisher effectiveness. In our study, we collected seven hundred thousand spam from a corporate server for a period of 13 months from February 2008 to February 2009. From the collected data, we identified different kinds of phishing scams and mode of operation. Our observation shows that phishers are dynamic and depend more on social engineering techniques rather than software vulnerabilities. We believe that this study will develop more efficient anti-phishing methodologies. Based on our analysis, we developed an anti-phishing methodology and implemented in our network. The results show that this approach is highly effective to prevent phishing attacks. The proposed approach reduced more than 80% of the false negatives and more than 95% of phishing attacks in our network.

Cryptography and Security