Avoiding the Phishing Bait: The Need for Conventional Countermeasures for Mobile Users

According to the international Anti-Phishing Work Group (APWG), phishing activities have significantly risen over the last few years, and users are becoming more susceptible to online and mobile fraud. Machine Learning (ML) techniques have the potential for building technical anti-phishing models, a majority of them have yet to be applied in a real-time environment. ML models also require domain experts to interpret the results. This gives conventional techniques a vital role as supportive tools for a wider audience, especially novice users, in order to reduce the rate of phishing attacks. Our paper aims at raising awareness and educating users on phishing in general and mobile phishing in particular from a conventional perspective, unlike existing reviews that are based on data mining and machine learning. This will equip individuals with knowledge and skills that may prevent phishing on a wider context within the mobile users’ community

FORGING PAYMENT CARDS AND CYBERCRIME

Payment card forging and high-tech crime are deeply rooted problems in today’s society. These sophisticated forms of crime utilize advanced techniques and high-tech tools to illegally access financial resources and commit fraud. Payment card forgery involves the creation of fake copies of debit or credit cards with the intent of conducting illegal financial transactions. Access to card data is achieved through various methods, including skimming (illegally collecting card data), phishing (fraud through fake emails or web pages), or the physical theft of cards. Simultaneously, high-tech crime encompasses a wide range of activities aimed at the misuse of digital technologies and networks to achieve financial gain or harm to individuals, companies, or states. These crimes often include computer fraud, cyber-attacks, and digital fraud. This paper aims to highlight the importance and seriousness of payment card forgery, explore different methods and patterns of these criminal activities, and emphasize their specific connection with high-tech crime. Different methodologies were applied in the research including quantitative and qualitative content analysis, comparative analysis, as well as descriptive and analytical statistics. The obtained results clearly indicate the growing importance of this problem both in the legislative and in the criminological contexts, with a constant increase in the number of committed criminal acts. Additionally, the research highlights the inextricable link between payment card forgery and various forms of high-tech crime, which often intertwine and together constitute an overarching challenge to the justice system and the security of society. Finally, the paper will consider various strategies and methods that society and the state can use to counter the spread of these criminal activities. The ultimate goal is to preserve the safety and integrity of the financial system and protect the interests of individuals

Організація протидії кібершахрайству, що використовує фішингові веб-ресурси

Об’єкт дослідження: кібератаки з використанням фішингу. Мета дипломної роботи: вдосконалення сучасних методів протидії кібершахрайству, надання і впровадження рекомендацій. В першому розділі розглянуті основні проблеми, які пов’язані з кібершахрайством та фішинговими атаками. Розглянуто статистичні дані щодо фішингових атак та завданої ними шкоди Україні та країнам світу. Була проаналізована нормативно-правова база щодо безпеки персональних даних користувачів. У другому розділі були розглянуті основні типи фішингових атак, розглянуті методи протидії ним, їх сильні та слабкі сторони. Розроблені рекомендації щодо посилення ефективності роботи механізмів протидії кібершахрайству та рекомендації для користувачів щодо мінімізування ризиків потрапляння під вплив фішингової атаки та її наслідків. Новизна очікуваних результатів полягає у впровадженні адаптованих рекомендацій для користувачів щодо питання кібершахрайства, що використовує фішингові веб-ресурси

The Role of the Adversary Model in Applied Security Research

Adversary models have been integral to the design of provably-secure cryptographic schemes or protocols. However, their use in other computer science research disciplines is relatively limited, particularly in the case of applied security research (e.g., mobile app and vulnerability studies). In this study, we conduct a survey of prominent adversary models used in the seminal field of cryptography, and more recent mobile and Internet of Things (IoT) research. Motivated by the findings from the cryptography survey, we propose a classification scheme for common app-based adversaries used in mobile security research, and classify key papers using the proposed scheme. Finally, we discuss recent work involving adversary models in the contemporary research field of IoT. We contribute recommendations to aid researchers working in applied (IoT) security based upon our findings from the mobile and cryptography literature. The key recommendation is for authors to clearly define adversary goals, assumptions and capabilities

Trust and Voice Biometric Authentication: Understanding the Levels of User’s Trust on Authentication Methods

Due to the singularity of the distinct biometric traits, biometric authentication factors have become increasingly prevalent in daily life and are predicted to target future authentication methods. Previous studies established that the human voice is one of the most natural, non-intrusive, and convenient behavioral biometric factors compared to other biometric authentication methods. Despite the non-intrusive characteristics of voice biometric authentication, it has been brought under scrutiny for many reasons, including the accuracy of biometric data, a general societal trust and distrust with technology and the risk of theft and imitation. Although, when it comes to trusting technology, users’ perceptions change with time through continued use of technology, and thus allowing perceptions and opinions to change. However, there are fundamental factors that can contribute to how users develop trust with technologies over time. This study derived a realistic trust evaluation model that incorporates security, privacy, safety, usability, reliability, and availability factors into a trust vector for a flexible measurement of trust in the user accessing the technology. Based on the derived trust model, we experiment using quantitative method whether the users are willing to trust voice biometric authentication method over PIN, fingerprint, and token-based authentication and hence would be inclined to adopt and utilize it as a means of user authentication to access technology. We applied the Kruskal-Wallis H test and the post-hoc test to understand which authentication method the user trusts, based on statistical significance and which groups were found to have that statistical difference. The result of the study suggests that users have less trust with voice compared to other authentication methods especially traditional means of knowledge-based authentication such as PIN’s which consistently ranked much higher than voice in pairwise comparisons