18,016 research outputs found

    Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

    Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed

    Analyzing Social and Stylometric Features to Identify Spear phishing Emails

    Spear phishing is a complex targeted attack in which an attacker harvests information about the victim prior to the attack. This information is then used to create sophisticated, genuine-looking attack vectors, drawing the victim to compromise confidential information. What makes spear phishing different, and more powerful than normal phishing, is this contextual information about the victim. Online social media services can be one such source for gathering vital information about an individual. In this paper, we characterize and examine a true positive dataset of spear phishing, spam, and normal phishing emails from Symantec's enterprise email scanning service. We then present a model to detect spear phishing emails sent to employees of 14 international organizations, by using social features extracted from LinkedIn. Our dataset consists of 4,742 targeted attack emails sent to 2,434 victims, and 9,353 non targeted attack emails sent to 5,912 non victims; and publicly available information from their LinkedIn profiles. We applied various machine learning algorithms to this labeled data, and achieved an overall maximum accuracy of 97.76% in identifying spear phishing emails. We used a combination of social features from LinkedIn profiles, and stylometric features extracted from email subjects, bodies, and attachments. However, we achieved a slightly better accuracy of 98.28% without the social features. Our analysis revealed that social features extracted from LinkedIn do not help in identifying spear phishing emails. To the best of our knowledge, this is one of the first attempts to make use of a combination of stylometric features extracted from emails, and social features extracted from an online social network to detect targeted spear phishing emails.
    Comment: Detection of spear phishing using social media feature

    A socio-cognitive and computational model for decision making and user modelling in social phishing

    Systems software quality, and system security in particular, is often compromised by phishing attacks. The latter were relatively easy to detect through phishing content filters, in the past. However, it has been increasingly difficult to stop more recent and sophisticated social phishing attacks. To protect the citizens from new types of phishing attacks, software quality engineers need to provide equally sophisticated preventive technology that models people’s reactions. The authors considered the behaviour of people on the Internet from a socio-cognitive perspective and deduced who could be more prone to be spoofed by social phishing techniques. The authors herein propose a computational and interdisciplinary metamodelling methodology, which can assist in capturing and understanding people’s interactive behaviour when they are online. Online behaviour can reveal Internet users’ knowledge, information, and beliefs in a given social context; these could also constitute significant factors for trust in social phishing circumstances which, in turn, can provide valuable insights and decision making meta-knowledge for recognition of potential victims of phishers. The proposed modelling approach is illustrated and explained using real-life phishing cases. This meta-model can i) help social computing and phishing researchers to understand users’ trust decisions from a socio-cognitive perspective, and ii) open ways to integrate artificial intelligence design techniques within software quality management practices in order to protect citizens from being spoofed by social phishing attacks. Thus, this software design quality approach will increase system security as a proactive maintenance strategy

    Predicting Phishing Websites using Neural Network trained with Back-Propagation

    Phishing is increasing dramatically with the development of modern technologies and the global worldwide computer networks. This results in the loss of customer’s confidence in e-commerce and online banking, financial damages, and identity theft. Phishing is a fraudulent effort that aims to acquire sensitive information from users such as credit card credentials, and social security number. In this article, we propose a model for predicting phishing attacks based on Artificial Neural Network (ANN). A Feed Forward Neural Network trained by Back Propagation algorithm is developed to classify websites as phishing or legitimate. The suggested model shows high acceptance ability for noisy data, fault tolerance and high prediction accuracy with respect to false positive and false negative rates

    An Exploration of Phishing Information Sharing: A Heuristic-Systematic Approach

    Phishing is an attempt to acquire sensitive information from a user by malicious means. The losses due to phishing have exceeded a trillion dollars globally. Social media has provided an alternate to sharing information about phishing online. However, very little attention has been paid to phishing information sharing on social media. In this paper, we explore the risk characteristics of phishing information on social media, and investigate its effect on people’s sharing of information regarding phishing. We address the research questions: (a) how do people decide which phishing information to share? (b) what aspects of phishing information are more or less consequential in influencing a user to share it? The findings suggest that the phishing messages that afford coping strategies, and come from users with higher credibility are likely to achieve higher level of sharing

    Phishing-Attack, Detection and Prevention

    Social Engineering is the process of deceiving people to reveal confidential information about themselves. There are various categories of Social Engineering, among which Phishing is the most frequently used attack nowadays; a new phishing site is created on the internet every 20 seconds and more than seventy percent of phishing emails are opened by their targets. From fraudulent emails to deploying malicious software on people's computers, phishing has become one of the main concerns that bothers the common people. There are various types of phishing such as Vishing (voice phishing), Email phishing, Smishing (SMS phishing) and many more, out of which we are going to deal with the email phishing. Email phishing is the practice of getting emails with malicious intents. The initial effort involved simulating potential phishing attacks within a controlled setup leading to devising a solution on how to detect and prevent clicking on the malicious links by common netizens like us. The developed Machine Learning (ML) model was able to classify the vulnerable links with 97.88% training and 96.4% testing accuracies respectively. Overall, the work provides a comprehensive overview of the state-of-the-art in ML based phishing email detection, and highlights the potential of ML techniques to enhance the security of individuals and organizations against phishing attacks. Keywords: Social Engineering, Natural Language Processing, Sentimental analysis, Email Scams, CyberSecurity Automation, Individuals, Organizations