B. Issac,R. Chiong,S.M. Jacob

DOI: https://doi.org/10.48550/arXiv.1410.4672

2014-10-17

Abstract:One of the biggest problems with the Internet technology is the unwanted spam emails. The well disguised phishing email comes in as part of the spam and makes its entry into the inbox quite frequently nowadays. While phishing is normally considered a consumer issue, the fraudulent tactics the phishers use are now intimidating the corporate sector as well. In this paper, we analyze the various aspects of phishing attacks and draw on some possible defenses as countermeasures. We initially address the different forms of phishing attacks in theory, and then look at some examples of attacks in practice, along with their common defenses. We also highlight some recent statistical data on phishing scam to project the seriousness of the problem. Finally, some specific phishing countermeasures at both the user level and the organization level are listed, and a multi-layered anti-phishing proposal is presented to round up our studies.

Cryptography and Security

Xi Chen,Indranil Bose,Alvin Leung,Chenhui Guo

2009-01-01

Abstract:We assess the severity of phishing attacks in terms of their risk levels and the potential loss in market value to the firms. We analyze 1,030 phishing alerts released on a public database as well as financial data related to the targeted firms using a hybrid text and data mining method that predicts the severity of the attack with high accuracy. Our research identifies the important textual and financial variables that impact the severity of the attacks and determine that different antecedents influence risk level and potential financial loss associated with phishing attacks.

Cynthia Dhinakaran,Dhinaharan Nagamalai,Jae Kwang Lee

DOI: https://doi.org/10.48550/arXiv.1108.1593

2011-08-08

Abstract:Spam messes up users inbox, consumes resources and spread attacks like DDoS, MiM, phishing etc. Phishing is a byproduct of email and causes financial loss to users and loss of reputation to financial institutions. In this paper we examine the characteristics of phishing and technology used by Phishers. In order to counter anti-phishing technology, phishers change their mode of operation; therefore a continuous evaluation of phishing only helps us combat phisher effectiveness. In our study, we collected seven hundred thousand spam from a corporate server for a period of 13 months from February 2008 to February 2009. From the collected data, we identified different kinds of phishing scams and mode of operation. Our observation shows that phishers are dynamic and depend more on social engineering techniques rather than software vulnerabilities. We believe that this study will develop more efficient anti-phishing methodologies. Based on our analysis, we developed an anti-phishing methodology and implemented in our network. The results show that this approach is highly effective to prevent phishing attacks. The proposed approach reduced more than 80% of the false negatives and more than 95% of phishing attacks in our network.

Cryptography and Security

M. Tariq Banday,Jameel A. Qadri

DOI: https://doi.org/10.48550/arXiv.1112.5732

2011-12-24

Abstract:In today's business environment, it is difficult to imagine a workplace without access to the web, yet a variety of email born viruses, spyware, adware, Trojan horses, phishing attacks, directory harvest attacks, DoS attacks, and other threats combine to attack businesses and customers. This paper is an attempt to review phishing - a constantly growing and evolving threat to Internet based commercial transactions. Various phishing approaches that include vishing, spear phishng, pharming, keyloggers, malware, web Trojans, and others will be discussed. This paper also highlights the latest phishing analysis made by Anti-Phishing Working Group (APWG) and Korean Internet Security Center.

Cryptography and Security

Tarini Saka,Rachiyta Jain,Kami Vaniea,Nadin Kökciyan

2024-08-17

Abstract:Phishing is one of the most prevalent and expensive types of cybercrime faced by organizations and individuals worldwide. Most prior research has focused on various technical features and traditional representations of text to characterize phishing emails. There is a significant knowledge gap about the qualitative traits embedded in them, which could be useful in a range of phishing mitigation tasks. In this paper, we dissect the structure of phishing emails to gain a better understanding of the factors that influence human decision-making when assessing suspicious emails and identify a novel set of descriptive features. For this, we employ an iterative qualitative coding approach to identify features that are descriptive of the emails. We developed the ``Phishing Codebook'', a structured framework to systematically extract key information from phishing emails, and we apply this codebook to a publicly available dataset of 503 phishing emails collected between 2015 and 2021. We present key observations and challenges related to phishing attacks delivered indirectly through legitimate services, the challenge of recurring and long-lasting scams, and the variations within campaigns used by attackers to bypass rule-based filters. Furthermore, we provide two use cases to show how the Phishing Codebook is useful in identifying similar phishing emails and in creating well-tailored responses to end-users. We share the Phishing Codebook and the annotated benchmark dataset to help researchers have a better understanding of phishing emails.

Cryptography and Security

Khalifa Afane,Wenqi Wei,Ying Mao,Junaid Farooq,Juntao Chen

2024-11-21

Abstract:The escalating threat of phishing emails has become increasingly sophisticated with the rise of Large Language Models (LLMs). As attackers exploit LLMs to craft more convincing and evasive phishing emails, it is crucial to assess the resilience of current phishing defenses. In this study we conduct a comprehensive evaluation of traditional phishing detectors, such as Gmail Spam Filter, Apache SpamAssassin, and Proofpoint, as well as machine learning models like SVM, Logistic Regression, and Naive Bayes, in identifying both traditional and LLM-rephrased phishing emails. We also explore the emerging role of LLMs as phishing detection tools, a method already adopted by companies like NTT Security Holdings and JPMorgan Chase. Our results reveal notable declines in detection accuracy for rephrased emails across all detectors, highlighting critical weaknesses in current phishing defenses. As the threat landscape evolves, our findings underscore the need for stronger security controls and regulatory oversight on LLM-generated content to prevent its misuse in creating advanced phishing attacks. This study contributes to the development of more effective Cyber Threat Intelligence (CTI) by leveraging LLMs to generate diverse phishing variants that can be used for data augmentation, harnessing the power of LLMs to enhance phishing detection, and paving the way for more robust and adaptable threat detection systems.

Cryptography and Security,Artificial Intelligence

Weibo Chu,Bin B. Zhu,Feng Xue,Xiaohong Guan,Zhongmin Cai

DOI: https://doi.org/10.1109/ICC.2013.6654816

2013-01-01

Abstract:Phishing is the third cyber-security threat globally and the first cyber-security threat in China. There were 61.69 million phishing victims in China alone from June 2011 to June 2012, with the total annual monetary loss more than 4.64 billion US dollars. These phishing attacks were highly concentrated in targeting at a few major Websites. Many phishing Webpages had a very short life span. In this paper, we assume the Websites to protect against phishing attacks are known, and study the effectiveness of machine learning based phishing detection using only lexical and domain features, which are available even when the phishing Webpages are inaccessible. We propose several novel highly effective features, and use the real phishing attack data against Taobao and Tencent, two main phishing targets in China, in studying the effectiveness of each feature, and each group of features. We then select an optimal set of features in our phishing detector, which has achieved a detection rate better than 98%, with a false positive rate of 0.64% or less. The detector is still effective when the distribution of phishing URLs changes.

Chibuike Samuel Eze,Lior Shamir

2024-05-09

Abstract:Phishing email attacks are among the most common and most harmful cybersecurity attacks. With the emergence of generative AI, phishing attacks can be based on emails generated automatically, making it more difficult to detect them. That is, instead of a single email format sent to a large number of recipients, generative AI can be used to send each potential victim a different email, making it more difficult for cybersecurity systems to identify the scam email before it reaches the recipient. Here we describe a corpus of AI-generated phishing emails. We also use different machine learning tools to test the ability of automatic text analysis to identify AI-generated phishing emails. The results are encouraging, and show that machine learning tools can identify an AI-generated phishing email with high accuracy compared to regular emails or human-generated scam email. By applying descriptive analytic, the specific differences between AI-generated emails and manually crafted scam emails are profiled, and show that AI-generated emails are different in their style from human-generated phishing email scams. Therefore, automatic identification tools can be used as a warning for the user. The paper also describes the corpus of AI-generated phishing emails that is made open to the public, and can be used for consequent studies. While the ability of machine learning to detect AI-generated phishing email is encouraging, AI-generated phishing emails are different from regular phishing emails, and therefore it is important to train machine learning systems also with AI-generated emails in order to repel future phishing attacks that are powered by generative AI.

Cryptography and Security,Artificial Intelligence,Computation and Language

Fiona Carroll,John Ayooluwa Adejobi,Reza Montasari

DOI: https://doi.org/10.1007/s42979-022-01069-1

Abstract:Phishing attacks are on the increase. The fact that our ways of living, studying and working have drastically changed as a result of the COVID pandemic (i.e., almost everything being done online) has created many new cyber security concerns. In particular, with the move to remote working, the number of phishing emails threatening employees has increased. The 2020 Phishing Attack Landscape Report (Greathorn: 2020 Phishing attack landscape. https://info.greathorn.com/report-2020-phishing-attack-landscape/, 2020) highlights a sharp increase in the frequency of attempted phishing attacks. In this paper, we are interested in how the phishing email attack has evolved to this very threatening state. In detail, we explore the current phishing attack characteristics especially the growing challenges that have emerged as a result of the COVID-19 pandemic. The paper documents a study that presented test participants with five different categories of emails (including phishing and non phishing) . The findings from the study show that participants, generally, found it difficult to detect modern phishing email attacks. Saying that, participants were alert to the spelling mistakes of the older phishing email attacks, sensitive information being requested from them and any slight change to what they were normally used to from an email. Moreover, we have found that people were not confident, worried and often dissatisfied with the current technologies available to protect them against phishing emails. In terms of trust, these feelings alerted us to the increasing severity of the phishing attack situation and just how vulnerable society has become/ still is.

Tejveer Singh,Manoj Kumar,Santosh Kumar

DOI: https://doi.org/10.1016/j.compeleceng.2024.109374

IF: 4.152

2024-06-20

Computers & Electrical Engineering

Abstract:Phishing has emerged as a significant cyber threat, resulting in huge financial frauds for internet users annually. This malicious activity uses social engineering and upgraded methodologies (like file archiver in the browser, content injection, calendar phishing, more convincing fake websites or emails, voice manipulation, or other tools designed to deceive and exploit the target's confidence) to extract sensitive information from unsuspected victims. In order to mitigate these attacks, several methods and tools have been devised; various detection techniques and block phishing websites, and browser extensions that notify users about suspicious websites. Our work elaborates on meticulous analysis of the detection of phishing attacks by classifying them into four broader categories based on the adopted methodologies like List-Based Detection, Heuristic-Based Detection, machine learning (ML)-based, and deep learning (DL)-based. Additionally, it summarizes the popular devised schemes, highlighting their advantages and limitations, and how these are suitable for the different types of deployments.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Yusi Lei,Sen Chen,Lingling Fan,Fu Song,Yang Liu

DOI: https://doi.org/10.48550/arXiv.2004.06954

2020-04-15

Abstract:Machine learning (ML) based approaches have been the mainstream solution for anti-phishing detection. When they are deployed on the client-side, ML-based classifiers are vulnerable to evasion attacks. However, such potential threats have received relatively little attention because existing attacks destruct the functionalities or appearance of webpages and are conducted in the white-box scenario, making it less practical. Consequently, it becomes imperative to understand whether it is possible to launch evasion attacks with limited knowledge of the classifier, while preserving the functionalities and appearance. In this work, we show that even in the grey-, and black-box scenarios, evasion attacks are not only effective on practical ML-based classifiers, but can also be efficiently launched without destructing the functionalities and appearance. For this purpose, we propose three mutation-based attacks, differing in the knowledge of the target classifier, addressing a key technical challenge: automatically crafting an adversarial sample from a known phishing website in a way that can mislead classifiers. To launch attacks in the white- and grey-box scenarios, we also propose a sample-based collision attack to gain the knowledge of the target classifier. We demonstrate the effectiveness and efficiency of our evasion attacks on the state-of-the-art, Google's phishing page filter, achieved 100% attack success rate in less than one second per website. Moreover, the transferability attack on BitDefender's industrial phishing page classifier, TrafficLight, achieved up to 81.25% attack success rate. We further propose a similarity-based method to mitigate such evasion attacks, Pelican. We demonstrate that Pelican can effectively detect evasion attacks. Our findings contribute to design more robust phishing website classifiers in practice.

Cryptography and Security,Machine Learning

Abdul Basit,Maham Zafar,Xuan Liu,Abdul Rehman Javed,Zunera Jalil,Kashif Kifayat

DOI: https://doi.org/10.1007/s11235-020-00733-2

Abstract:In recent times, a phishing attack has become one of the most prominent attacks faced by internet users, governments, and service-providing organizations. In a phishing attack, the attacker(s) collects the client's sensitive data (i.e., user account login details, credit/debit card numbers, etc.) by using spoofed emails or fake websites. Phishing websites are common entry points of online social engineering attacks, including numerous frauds on the websites. In such types of attacks, the attacker(s) create website pages by copying the behavior of legitimate websites and sends URL(s) to the targeted victims through spam messages, texts, or social networking. To provide a thorough understanding of phishing attack(s), this paper provides a literature review of Artificial Intelligence (AI) techniques: Machine Learning, Deep Learning, Hybrid Learning, and Scenario-based techniques for phishing attack detection. This paper also presents the comparison of different studies detecting the phishing attack for each AI technique and examines the qualities and shortcomings of these methodologies. Furthermore, this paper provides a comprehensive set of current challenges of phishing attacks and future research direction in this domain.

Yuosuf Al-Hamar,Hoshang Kolivand,Mostafa Tajdini,Tanzila Saba,Varatharajan Ramachandran

DOI: https://doi.org/10.1016/j.compeleceng.2021.107363

2021-09-01

Abstract:The latest report by Kaspersky on email Spam and targeted Phishing attacks, by percentage, highlights the need of an urgent solution. Attachment-driven Spear-phishing struggles to succeed against many email providers’ malware-filtration systems, which proactively check emails for malicious software. In this paper, we provided a solution that can detect targeted Spear-phishing attacks based on required similarities in the specific domain which it has been targeted. The strategy is to figure out whether the domain is genuine or a forgery, which is to be evaluated by multi novel grading algorithms. Therefore, this research addresses targeted attacks on specific organisations by presenting a new enterprise solution. This detection system focuses on domain names, which tend to be registered domain names trusted by the victims. The results from this investigation show that this detection system has proven its ability to reduce email phishing attacks significantly.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Yu Chen,Yajian Zhou,Qingqing Dong,Qi Li

DOI: https://doi.org/10.1109/TOCS50858.2020.9339761

2020-01-01

Abstract:In recent years, phishing events occur frequently, and the detection of phishing URL has become a common concern in the field of network security. In previous studies, researchers distinguish phishing URLs from normal URLs by the string characteristics. However, this method is difficult to achieve efficient detection accuracy in the case of attacker's forgery of URL features. In this paper, we propose a phishing URL detection method based on URL content. Firstly, the simple features are used for preliminary screening, and then, the URLs that cannot be distinguished by simple features are input into the simulation environment to obtain the page content. Finally, the method based on CNN is used to detect malicious URLs based on the page content. Experiments show that our method can achieve satisfying detection accuracy.

Wen Wei-ping,Qing Si-han

DOI: https://doi.org/10.1007/bf02828623

2005-01-01

Abstract:With the explosive growth of network applications, the threat of the malicious code against network security becomes increasingly serious. In this paper we explore the mechanism of the malicious code by giving an attack model of the malicious code, and discuss the critical techniques of implementation and prevention against the malicious code. Theremaining problems and emerging trends in this area are also addressed in the paper.

Sultan Asiri,Yang Xiao,Saleh Alzahrani,Shuhui Li,Tieshan Li

DOI: https://doi.org/10.1109/access.2023.3237798

IF: 3.9

2023-01-01

IEEE Access

Abstract:Phishing attacks are a type of cybercrime that has grown in recent years. It is part of social engineering attacks where an attacker deceives users by sending fake messages using social media platforms or emails. Phishing attacks steal users’ information or download and install malicious software. They are hard to detect because attackers can design a phishing message that looks legitimate to a user. This message may contain a phishing URL so that even an expert can be a victim. This URL leads the victim to a fake website that steals information, such as login information, payment information, etc. Researchers and engineers work to develop methods to detect phishing attacks without the need for the eyes of experts. Even though many papers discuss HTML and URL-based phishing detection methods, there is no comprehensive survey to discuss these methods. Therefore, this paper comprehensively surveys HTML and URL phishing attacks and detection methods. We review the current state-of-art deep learning models to detect URL-based and hybrid-based phishing attacks in detail. We compare each model based on its data preprocessing, feature extraction, model design, and performance.

Ethan Morrow

DOI: https://doi.org/10.1016/j.chb.2024.108274

IF: 9.9

2024-04-27

Computers in Human Behavior

Abstract:Universities are frequent targets of cyberattacks. This investigation seeks to explore common phishing techniques targeting institutions of higher education. This study analyzes the content and message features of a sample of 2,300 emails from 2010 to 2023 collected from Cornell's Phish Bowl, including topics, persuasive appeals, emotional appeals, and spelling errors. Using analyses of association and text mining, the work maps out changes in phishing trends over time. One major finding is that security-focused phish have been replaced by those attempting to reflect routine university life, such as job offer scams. Additionally, this study identifies authority and scarcity as common persuasive appeals in phishing attempts and demonstrates a decrease in spelling errors over time. These findings have practical implications for cybersecurity training and awareness. They may also guide future work seeking to determine user susceptibility to phishing by providing insight into frequent attacks.

psychology, multidisciplinary, experimental

Grant Ho,Asaf Cidon,Lior Gavish,Marco Schweighauser,Vern Paxson,Stefan Savage,Geoffrey M. Voelker,David Wagner

DOI: https://doi.org/10.48550/arXiv.1910.00790

2019-10-02

Cryptography and Security

Abstract:We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefitting from both the implicit trust and the information in the hijacked user's account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per every one-million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the 'enterprise attacker' and shed light on the current state of enterprise phishing attacks.

Bo Yun Zhang,Xi Ai Yan,De Quan Tang

DOI: https://doi.org/10.1088/1742-6596/1087/6/062026

2018-09-01

Journal of Physics: Conference Series

Abstract:This paper describes the research status and progress of malicious code intelligent detection techniques. It introduced the research background of the malicious code detection. Then the classified and analyzed research work from the theoretical research on malicious code detection, malicious code static detection and dynamic detection, integrated detection and based on biological immune detection techniques are described in detail. The contrastive analysis of different detection methods principle and further study on the future directions are discussed.

Hiroki Nakano,Daiki Chiba,Takashi Koide,Naoki Fukushi,Takeshi Yagi,Takeo Hariu,Katsunari Yoshioka,Tsutomu Matsumoto

DOI: https://doi.org/10.48550/arXiv.2303.15847

2023-06-06

Abstract:The rise in phishing attacks via e-mail and short message service (SMS) has not slowed down at all. The first thing we need to do to combat the ever-increasing number of phishing attacks is to collect and characterize more phishing cases that reach end users. Without understanding these characteristics, anti-phishing countermeasures cannot evolve. In this study, we propose an approach using Twitter as a new observation point to immediately collect and characterize phishing cases via e-mail and SMS that evade countermeasures and reach users. Specifically, we propose CrowdCanary, a system capable of structurally and accurately extracting phishing information (e.g., URLs and domains) from tweets about phishing by users who have actually discovered or encountered it. In our three months of live operation, CrowdCanary identified 35,432 phishing URLs out of 38,935 phishing reports, 31,960 (90.2%) of these phishing URLs were later detected by the anti-virus engine. We analyzed users who shared phishing threats by categorizing them into two groups: experts and non-experts. As a results, we discovered that CrowdCanary extracts non-expert report-specific information, like company brand name in tweets, phishing attack details from tweet images, and pre-redirect landing page information.

Cryptography and Security,Social and Information Networks