111 research outputs found

    A novel hybrid approach of SVM combined with NLP and probabilistic neural network for email phishing

    Phishing attacks are one of the slanting cyber-attacks that apply socially engineered messages that are imparted to individuals from expert hackers going for tricking clients to uncover their delicate data; the most mainstream correspondence channel for those messages is clients' emails. Phishing has turned into a generous danger for web clients and a noteworthy reason for money-related misfortunes. Therefore, different arrangements have been created to handle this issue. Deceitful emails, also called phishing emails, utilize a scope of impact strategies to convince people to react, for example, promising a fiscal reward or summoning a feeling of criticalness. Regardless of far-reaching alerts and intends to instruct clients to distinguish phishing sends, these are as yet a pervasive practice and a worthwhile business. The creators accept that influence, as a style of human correspondence intended to impact others, has a focal job in fruitful advanced tricks. Cyber criminals have been ceaselessly propelling their techniques for assault. The current strategies to recognize the presence of such malevolent projects and to keep them from executing are static, dynamic and hybrid analysis. In this work we are proposing a hybrid methodology for phishing detection incorporating feature extraction and classification of the mails using SVM. At last, alongside the chose features, the PNN characterizes the spam mails from the genuine mails with more exactness and accuracy.

    The Human Attack Surface Framework for Phishing


    Crime-as-Communication: Detecting Diagnostically Useful Information from the Content and Context of Social Engineering Attacks

    The electronic version of the dissertation does not contain the publications. Under the current circumstances of information overload, social engineering attacks that reach recipients via e-mail, phone calls, text messages and social media have become an increasingly common occurrence. Our exhausted ability to pay attention, the strong emotions created by received messages and the default expectation of truth-telling have combined into a state where falling victim to social engineering attacks is a growing problem with severe financial and psychological consequences for the victims. For the purpose of preventing successful social engineering attacks, the dissertation “Crime-as-Communication: Detecting Diagnostically Useful Information from the Content and Context of Social Engineering Attacks” sought to find out the types of diagnostically useful information available to recipients from the content and context of social engineering attacks. To achieve this aim, the dissertation developed the Crime-as-Communication approach, which follows from the premise that all activities in technology-mediated environments are rooted in and dependent upon communication. Based on the results of qualitative text analysis and qualitative and quantitative content analysis applied to e-mails and descriptions of social engineering attacks reported in international media outlets, the dissertation established multiple informational aspects that help people detect social engineering attacks. Due to the variety of media, such as e-mails and phone calls, used in carrying out social engineering attacks, it is more important to acknowledge the overall significance of an open channel between message senders and recipients.
Where an open channel is present, perpetrators use both gain-based appeals and loss-based threats to guide recipients into taking actions that end up harming them. Furthermore, some cybercriminals adapt the content of scam messages to fit the social context - such as the COVID-19 pandemic - salient at the time of circulating the messages. https://www.ester.ee/record=b546643

    Awareness and perception of phishing variants from Policing, Computing and Criminology students in Canterbury Christ Church University

    This study focuses on gauging awareness of different phishing communication students in the School of Law, Policing and Social Sciences and the School of Engineering, Technology and Design in Canterbury Christ Church University and their perception of different phishing variants. There is an exploration of the underlying factors in which students fall victim to different types of phishing attacks from questionnaires and a focus group. The students’ perception of different types of phishing variants was varied from the focus group and anonymised questionnaires. A total of 177 respondents participated in anonymised questionnaires in the study. Students were asked a mixture of scenario-based questions on different phishing attacks, their awareness levels of security tools that can be used against some phishing variants, and if they received any phishing emails in the past. Additionally, 6 computing students in a focus group discussed different types of phishing attacks and recommended potential security countermeasures against them. The vulnerabilities and issues of anti-phishing software, firewalls, and internet browsers that have security toolbars are explained in the study against different types of phishing attacks. The focus group was with computing students and their knowledge about certain phishing variants was limited. The discussion within the focus group was gauging the computing students' understanding and awareness of phishing variants. The questionnaire data collection sample was with first year criminology and final year policing students which may have influenced the results of the questionnaire in terms of their understanding, security countermeasures, and how they identify certain phishing variants. The anonymised questionnaire awareness levels on different types of phishing fluctuated in terms of lack of awareness on certain phishing variants. 
Some criminology and policing students either did not know about phishing variants or had limited knowledge about different types of phishing communication, security countermeasures, the identifying features of a phishing message, and the precautions they should take against phishing variants from fraudsters.

    A personality-based behavioural model: Susceptibility to phishing on social networking sites

    The worldwide popularity of social networking sites (SNSs) and the technical features they offer users have created many opportunities for malicious individuals to exploit the behavioral tendencies of their users via social engineering tactics. The self-representation and social interactions on SNSs encourage users to reveal their personalities in a way which characterises their behaviour. Frequent engagement on SNSs may also reinforce the performance of certain activities, such as sharing and clicking on links, at a “habitual” level on these sites. Subsequently, this may also influence users to overlook phishing posts and messages on SNSs and thus not apply sufficient cognitive effort in their decision-making. As users do not expect phishing threats on these sites, they may become accustomed to behaving in this manner which may consequently put them at risk of such attacks. Using an online survey, primary data was collected from 215 final-year undergraduate students. Employing structural equation modelling techniques, the associations between the Big Five personality traits, habits and information processing were examined with the aim to identify users susceptible to phishing on SNSs. Moreover, other behavioural factors such as social norms, computer self-efficacy and perceived risk were examined in terms of their influence on phishing susceptibility. 
The results of the analysis revealed the following key findings: 1) users with the personality traits of extraversion, agreeableness and neuroticism are more likely to perform habitual behaviour, while conscientious users are least likely; 2) users who perform certain behaviours out of habit are directly susceptible to phishing attacks; 3) users who behave out of habit are likely to apply a heuristic mode of processing and are therefore more susceptible to phishing attacks on SNSs than those who apply systematic processing; 4) users with higher computer self-efficacy are less susceptible to phishing; and 5) users who are influenced by social norms are at greater risk of phishing. This study makes a contribution to scholarship and to practice, as it is the first empirical study to investigate, in one comprehensive model, the relationship between personality traits, habit and their effect on information processing which may influence susceptibility to phishing on SNSs. The findings of this study may assist organisations in the customisation of an individual anti-phishing training programme to target specific dispositional factors in vulnerable users. By using a similar instrument to the one used in this study, pre-assessments could determine and classify certain risk profiles that make users vulnerable to phishing attacks. Thesis (PhD) -- Faculty of Commerce, Information Systems, 202

    Digital Deception in the Online Dating Space: A Study of Tinder

    As technology continues to impart its worldview, the role of communication in the navigation of dating in online spaces has also evolved. This study examines the relationship between communication and digital deception within a selected population of Tinder users. Tinder is a geo-social, location-aware dating application that is used by millions of people around the world. There are three fundamentally specific objectives of this research, which include: first, examining the ways in which dating apps increase the possibility of digital deception; second, exploring ways in which Tinder's design and functionality contribute to the occurrence of digital deception; and finally, identifying and examining the impacts of online deception, particularly in the context of dating apps, on human communication and relationship formation. To obtain first-hand perceptions of online representation and digital deception on Tinder (and as with other online social platforms), 51 Tinder users from Nigeria and Canada were surveyed through their responses to a questionnaire distributed on June 20 and July 11, 2023. The findings of this study suggest that the use of dating apps among youths has increased, leading to prevalent lying and distrust. In the context of using Tinder among the sampled population, Tinder's design, functionality, and online communication in general facilitate and contribute to instances of digital deception, as its affordances only give room to do little, hence, there is often an attempt to ‘put best foot forward’ and the tendency of lying becomes imminent. Appearance influences deception, but some still trust online dating for meaningful connections; platforms should promote honesty.

    Don’t click: towards an effective anti-phishing training. A comparative literature review

    Email is of critical importance as a communication channel for both business and personal matters. Unfortunately, it is also often exploited for phishing attacks. To defend against such threats, many organizations have begun to provide anti-phishing training programs to their employees. A central question in the development of such programs is how they can be designed sustainably and effectively to minimize the vulnerability of employees to phishing attacks. In this paper, we survey and categorize works that consider different elements of such programs via a clearly laid-out methodology, and identify key findings in the technical literature. Overall, we find that researchers agree on the answers to many relevant questions regarding the utility and effectiveness of anti-phishing training. However, we identified influencing factors, such as the impact of age on the success of anti-phishing training programs, for which mixed findings are available. Finally, based on our comprehensive analysis, we describe how a well-founded anti-phishing training program should be designed and parameterized with a set of proposed research directions

    The Effect of Personality on SMS Phishing Vulnerability

    In the last decade, cybercrime has sought to bypass technical security in place by focusing on people. Recently more attention has been given to the security of mobile devices. However, very little research has investigated the human factors of mobile phishing. This thesis investigates human aspects in relation to SMS phishing. Based on our findings, we present recommendations and opportunities for research that will help the security community to better understand phishing attacks and educate mobile users against them. The first study reports the results of a qualitative investigation of what people think and feel about mobile security. The study presents this investigation temporally by means of a series of interviews performed sequentially in multiple stages. A variation was noted in the users' responses and a theory was developed to explain such variation. The study proposed a grounded theory that suggested that human security attitude is strongly influenced by their agreeableness, conscientiousness and extraversion personality traits. The developed theory suggested that this general behaviour is moderated by individuals’ knowledge and past error-in-judgement experiences. The theory was tested via three further studies (one lab study and two experimental studies). The results suggest that the personality traits Assertiveness and Extraversion affect humans’ phishing vulnerability. To the best of our knowledge, the three studies are the first empirical studies of the human aspects involved in SMS phishing. The thesis embraces both quantitative and qualitative analysis approaches. The quantitative analysis helped in isolating the personality traits Assertiveness and Extraversion while the qualitative analysis helped us understand how individuals reason about their behaviour.