Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed

Consumer-facing technology fraud : economics, attack methods and potential solutions

The emerging use of modern technologies has not only benefited society but also attracted fraudsters and criminals to misuse the technology for financial benefits. Fraud over the Internet has increased dramatically, resulting in an annual loss of billions of dollars to customers and service providers worldwide. Much of such fraud directly impacts individuals, both in the case of browser-based and mobile-based Internet services, as well as when using traditional telephony services, either through landline phones or mobiles. It is important that users of the technology should be both informed of fraud, as well as protected from frauds through fraud detection and prevention systems. In this paper, we present the anatomy of frauds for different consumer-facing technologies from three broad perspectives - we discuss Internet, mobile and traditional telecommunication, from the perspectives of losses through frauds over the technology, fraud attack mechanisms and systems used for detecting and preventing frauds. The paper also provides recommendations for securing emerging technologies from fraud and attacks

Intelligent phishing website detection system using fuzzy techniques.

Phishing websites are forged web pages that are created by malicious people to mimic web pages of real websites and it attempts to defraud people of their personal information. Detecting and identifying Phishing websites is really a complex and dynamic problem involving many factors and criteria, and because of the subjective considerations and the ambiguities involved in the detection, Fuzzy Logic model can be an effective tool in assessing and identifying phishing websites than any other traditional tool since it offers a more natural way of dealing with quality factors rather than exact values. In this paper, we present novel approach to overcome the `fuzziness¿ in traditional website phishing risk assessment and propose an intelligent resilient and effective model for detecting phishing websites. The proposed model is based on FL operators which is used to characterize the website phishing factors and indicators as fuzzy variables and produces six measures and criteria¿s of website phishing attack dimensions with a layer structure. Our experimental results showed the significance and importance of the phishing website criteria (URL & Domain Identity) represented by layer one, and the variety influence of the phishing characteristic layers on the final phishing website rate

Understanding phishing awareness among students in tertiary institutions and setting-up defensive mechanisms against the attackers

The average loss by companies to phishing in 2021 is $14.8 million, more than triple what it was in 2015. That translates to hundreds of billions of dollars in total losses from phishing attacks on global businesses, and the vulnerability of these attacks is every day increasing, particularly among the younger generation less than 40 years of age. This paper begins with a background exposition on phishing trends and highlights previous findings concerning users' susceptibility to phishing attacks. It however explores the term Phishing itself, its kinds, types and some basic measures necessary for defense against phishing activities. The research was employed with a major focus on the email aspect of phishing. Alongside the website aspect of phishing, the certificate of a website was also considered. The purpose of this study was to identify the level of student awareness related to specific phishing tactics. Findings revealed that while students are unlikely to provide personal information in response to an email/SMS request, they can be easily tricked by numerous other tactics. This paper reports the findings of the study in addition to listing suggested points to employ for creating phishing awareness

From Understanding Telephone Scams to Implementing Authenticated Caller ID Transmission

abstract: The telephone network is used by almost every person in the modern world. With the rise of Internet access to the PSTN, the telephone network today is rife with telephone spam and scams. Spam calls are significant annoyances for telephone users, unlike email spam, spam calls demand immediate attention. They are not only significant annoyances but also result in significant financial losses in the economy. According to complaint data from the FTC, complaints on illegal calls have made record numbers in recent years. Americans lose billions to fraud due to malicious telephone communication, despite various efforts to subdue telephone spam, scam, and robocalls. In this dissertation, a study of what causes the users to fall victim to telephone scams is presented, and it demonstrates that impersonation is at the heart of the problem. Most solutions today primarily rely on gathering offending caller IDs, however, they do not work effectively when the caller ID has been spoofed. Due to a lack of authentication in the PSTN caller ID transmission scheme, fraudsters can manipulate the caller ID to impersonate a trusted entity and further a variety of scams. To provide a solution to this fundamental problem, a novel architecture and method to authenticate the transmission of the caller ID is proposed. The solution enables the possibility of a security indicator which can provide an early warning to help users stay vigilant against telephone impersonation scams, as well as provide a foundation for existing and future defenses to stop unwanted telephone communication based on the caller ID information.Dissertation/ThesisDoctoral Dissertation Computer Science 201

When Politics Rule Policy: The Role of Discursive Politics in Wisconsin\u27s Photo Identification Law

Few policies carry more controversy than voter photo identification requirements. First passed in 2003, these laws require voters to present government-issued ID’s, such as a driver’s license, state identification card, military ID, or qualifying student ID. This paper examines the discursive politics in Wisconsin’s photo ID, seeking to understand how state policymakers justified the law against accusations of voter suppression. Put broadly, this paper seeks to understand the intersection of politics and policy, exploring how irrational policies are formed, implemented, and evaluated

FraudMemory: Explainable Memory-Enhanced Sequential Neural Networks for Financial Fraud Detection

The rapid development of electronic financial services brings significant convenience to our daily life. However, it also offers criminals the opportunity to exploit financial systems to do fraudulent transactions. Previous studies on fraud detection only deal with single type transactions and cannot adapt well to evolving environment in reality. In addition, their black box models pay less attention on the interpretability of fraud detection results. Here we propose a novel fraud detection algorithm called FraudMemory. It adopts state-of-art feature representation methods to better depict users and logs with multiple types in financial systems. Our model innovatively uses sequential model to capture the sequential patterns of each transaction and leverages memory networks to improve both the performance and interpretability. Also, with the incorporation of memory components, FraudMemory possesses high adaptability to the existence of concept drift. The empirical study proves that our model is a potential tool for financial fraud detection