Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page

Each month, more attacks are launched with the aim of making web users believe that they are communicating with a trusted entity which compels them to share their personal, financial information. Phishing costs Internet users billions of dollars every year. Researchers at Carnegie Mellon University (CMU) created an anti-phishing landing page supported by Anti-Phishing Working Group (APWG) with the aim to train users on how to prevent themselves from phishing attacks. It is used by financial institutions, phish site take down vendors, government organizations, and online merchants. When a potential victim clicks on a phishing link that has been taken down, he / she is redirected to the landing page. In this paper, we present the comparative analysis on two datasets that we obtained from APWG's landing page log files; one, from September 7, 2008 - November 11, 2009, and other from January 1, 2014 - April 30, 2014. We found that the landing page has been successful in training users against phishing. Forty six percent users clicked lesser number of phishing URLs from January 2014 to April 2014 which shows that training from the landing page helped users not to fall for phishing attacks. Our analysis shows that phishers have started to modify their techniques by creating more legitimate looking URLs and buying large number of domains to increase their activity. We observed that phishers are exploiting ICANN accredited registrars to launch their attacks even after strict surveillance. We saw that phishers are trying to exploit free subdomain registration services to carry out attacks. In this paper, we also compared the phishing e-mails used by phishers to lure victims in 2008 and 2014. We found that the phishing e-mails have changed considerably over time. Phishers have adopted new techniques like sending promotional e-mails and emotionally targeting users in clicking phishing URLs

Evidence of personality traits on phishing attack menace among selected university undergraduates in Nigerian

Access ease, mobility, portability, and improved speed have continued to ease the adoption of computing devices; while, consequently proliferating phishing attacks. These, in turn, have created mixed feelings in increased adoption and nosedived users’ trust level of devices. The study recruited 480-students, who were exposed to socially-engineered attack directives. Attacks were designed toretrieve personal dataand entice participants to access compromised links. Wesought to determine the risks of cybercrimes among the undergraduates in selected Nigerian universities, observe students’ responses and explore their attitudes before/after each attack. Participants were primed to remain vigilant to all forms of scams as WE sought to investigate attacks’ influence on gender, students’ status, and age to perceived safety on susceptibility to phishing. Results show that contrary to public beliefs, age, status, and gender were not among the factors associated with scam susceptibility and vulnerability rates of the participants. However, the study reports decreased user trust levels in the adoption of these new, mobile computing devices

Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets

Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large amount of training data and are not adept at detecting phishing attacks against new targets. In this paper, we begin with two core observations: (a) although phishers try to make a phishing webpage look similar to its target, they do not have unlimited freedom in structuring the phishing webpage, and (b) a webpage can be characterized by a small set of key terms, how these key terms are used in different parts of a webpage is different in the case of legitimate and phishing webpages. Based on these observations, we develop a phishing detection system with several notable properties: it requires very little training data, scales well to much larger test data, is language-independent, fast, resilient to adaptive attacks and implemented entirely on client-side. In addition, we developed a target identification component that can identify the target website that a phishing webpage is attempting to mimic. The target detection component is faster than previously reported systems and can help minimize false positives in our phishing detection system.Peer reviewe

Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed

A Large-Scale Study of Phishing PDF Documents

Phishing PDFs are malicious PDF documents that do not embed malware but trick victims into visiting malicious web pages leading to password theft or drive-by downloads. While recent reports indicate a surge of phishing PDFs, prior works have largely neglected this new threat, positioning phishing PDFs as accessories distributed via email phishing campaigns. This paper challenges this belief and presents the first systematic and comprehensive study centered on phishing PDFs. Starting from a real-world dataset, we first identify 44 phishing PDF campaigns via clustering and characterize them by looking at their volumetric, temporal, and visual features. Among these, we identify three large campaigns covering 89% of the dataset, exhibiting significantly different volumetric and temporal properties compared to classical email phishing, and relying on web UI elements as visual baits. Finally, we look at the distribution vectors and show that phishing PDFs are not only distributed via attachments but also via SEO attacks, placing phishing PDFs outside the email distribution ecosystem. This paper also assesses the usefulness of the VirusTotal scoring system, showing that phishing PDFs are ranked considerably low, creating a blind spot for organizations. While URL blocklists can help to prevent victims from visiting the attack web pages, PDF documents seem not subjected to any form of content-based filtering or detection

Phishing email detection technique by using hybrid features

Email provides convenience of communicating to such large number of people, especially for businessman. However, more attacks are launched to target electronic communication user in order to harvest credentials information from them for illegal purpose used. The most commonly phishing method is initialed by sending out email to user tends to make the user believe that they are communicating with trusted enttify, and deceive them into providing personal information. Recently, there are a lot of research have been done to overcome the phishing emails problem. This project aim to design a phishing email detection technique and focus on feature selection. The proposed method contains content-based feature. URL-based feature and behavior-based feature, which total nine feature sets. The proposed method has been evaluated on a set of 500 phishing emails and 500 legitimate emails. The proposed method obtain overall occuracy 97.25% with 1% false negative rate and 5% false positive rate. The proposed method able to classify more occurotely than the hybrid feature proposed by Hamid et al.. This evidence that two newly add on feature sets, hyperlink feature and return path feature are potential indicator. The quite promising result is motivated future work to mine the attacker behavior and explore more about behavior-based feature

Phishing happens beyond technology : the effects of human behaviors and demographics on each step of a phishing process

Prior studies have shown that the behaviours and attitudes of Internet users influence the likelihood of being victimised by phishing attacks. Many scammers design a step-by-step approach to phishing in order to gain the potential victim's trust and convince them to take the desired actions. It is important to understand which behaviours and attitudes can influence following the attacker in each step of a phishing scam. This will enable us to identify the root causes of phishing and to develop specific mitigation plans for each step of the phishing process and to increase prevention points. This study investigates to what extent people's risk-taking and decision-making styles influence the likelihood of phishing victimisation in three specific phishing steps. We asked participants to play a risk-taking game and to answer questions related to two psychological scales to measure their behaviours, and then conducted a simulated phishing campaign to assess their phishability throughout the three phishing steps selected. We find that the attitude to risk-taking and gender can predict users' phishability in the different steps selected. There are however other possible direct and indirect behavioural factors that could be investigated in future studies. The results of this study and the model developed can be used to build a comprehensive framework to prevent the success of phishing attempts, starting from their root causes

MAXIMUM PHISH BAIT: TOWARDS FEATURE BASED DETECTION OF PHISING USING MAXIMUM ENTROPY CLASSIFICATION TECHNIQUE

Several antiphishing methods have been employed with the primary task of automatically apprehending and ruling out or preventing phishing e-mail from users’ mail stream. Phishing attacks pose great threat to internet users and the extent can be enormous if unchecked. Two major category techniques that have been shown to be useful for classifying e-mail messages automatically include the rule based method which classifies email by using a set of heuristic rules and the statistical based approach which model e-mails statistically usually under a machine learning framework. The statistical based methods have been found in literature to outperform the rule based method. This study proposes the use of the Maximum Entropy Model, a generative model and show how it can be used in antiphishing tasks. The model based feature proposed by Bergholz et al (2008) will also be adopted. This has been found to outperform basic features proposed in previous studies. An experimental comparison of our approach with other generative and non-generative classifiers is also proposed. This approach is expected to perform comparably better than others method especially in the elimination of false positives

A Client based email phishing detection algorithm: case of phishing attacks in the banking industry

Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore UniversityToday, the banking sector has been a target for many phishing attackers. The use of email as an electronic means of communication during working hours and mostly for official purposes has made it a lucrative attack vector. With the rapid growth of technology, phishing techniques have advanced as seen in the millions of cash lost by banks through email phishing yearly. This continues to be the case despite investments in spam filtering tools, monitoring tools as well as creating user awareness, through training of banking staff on how they can easily identify a phishing email. To protect bank users and prevent the financial loses through phishing attacks, it important to understand how phishing works as well as the techniques used to achieve it. Moreover, there is a great need to implement an anti-phishing algorithm that collectively checks against phishing linguistic techniques, existence of malicious links and malicious attachments. This can lead to an increase in the performance and accuracy of the designed tool towards detecting and flagging phishing emails thus preventing them from being read by target. Evolutionary prototyping methodology was applied during this research. The advantages are in the fact that it enabled continuous analysis and supervised learning of the algorithm development until the desired outcome was achieved. This research aimed at understanding the characteristic of phishing emails, towards achieving defence in depth through creation of an algorithm for detecting and flagging phishing emails. In this research, we have implemented a client-based anti-phishing algorithm. The algorithm is able to analyse phishing links, identify malicious email attachments and perform text classification using a Naïve Bayes classifier to identify phishing terms in a new unread email. It then flags the email as malicious and sends it to the spam folder. Therefore the user only gets clean emails in the inbox folder