10,679 research outputs found

    Detecting and characterizing lateral phishing at scale

    We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefitting from both the implicit trust and the information in the hijacked user's account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per every one-million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the 'enterprise attacker' and shed light on the current state of enterprise phishing attacks.

    High Accuracy Phishing Detection Based on Convolutional Neural Networks

    The persistent growth in phishing and the rising volume of phishing websites has led to individuals and organizations worldwide becoming increasingly exposed to various cyber-attacks. Consequently, more effective phishing detection is required for improved cyber defence. Hence, in this paper we present a deep learning-based approach to enable high accuracy detection of phishing sites. The proposed approach utilizes convolutional neural networks (CNN) for high accuracy classification to distinguish genuine sites from phishing sites. We evaluate the models using a dataset obtained from 6,157 genuine and 4,898 phishing websites. Based on the results of extensive experiments, our CNN based models proved to be highly effective in detecting unknown phishing sites. Furthermore, the CNN based approach performed better than traditional machine learning classifiers evaluated on the same dataset, reaching 98.2% phishing detection rate with an F1-score of 0.976. The method presented in this paper compares favourably to the state-of-the-art in deep learning based phishing website detection.

    How Good Are We at Detecting a Phishing Attack? Investigating the Evolving Phishing Attack Email and Why It Continues to Successfully Deceive Society

    Phishing attacks are on the increase. The fact that our ways of living, studying and working have drastically changed as a result of the COVID pandemic (i.e., almost everything being done online) has created many new cyber security concerns. In particular, with the move to remote working, the number of phishing emails threatening employees has increased. The 2020 Phishing Attack Landscape Report (Greathorn: 2020 Phishing attack landscape. https://info.greathorn.com/report-2020-phishing-attack-landscape/, 2020) highlights a sharp increase in the frequency of attempted phishing attacks. In this paper, we are interested in how the phishing email attack has evolved to this very threatening state. In detail, we explore the current phishing attack characteristics especially the growing challenges that have emerged as a result of the COVID-19 pandemic. The paper documents a study that presented test participants with five different categories of emails (including phishing and non-phishing). The findings from the study show that participants, generally, found it difficult to detect modern phishing email attacks. Saying that, participants were alert to the spelling mistakes of the older phishing email attacks, sensitive information being requested from them and any slight change to what they were normally used to from an email. Moreover, we have found that people were not confident, worried and often dissatisfied with the current technologies available to protect them against phishing emails. In terms of trust, these feelings alerted us to the increasing severity of the phishing attack situation and just how vulnerable society has become/still is.

    AN ENHANCEMENT ON TARGETED PHISHING ATTACKS IN THE STATE OF QATAR

    The latest report by Kaspersky on Spam and Phishing, listed Qatar as one of the top 10 countries by percentage of email phishing and targeted phishing attacks. Since the Qatari economy has grown exponentially and become increasingly global in nature, email phishing and targeted phishing attacks have the capacity to be devastating to the Qatari economy, yet there are no adequate measures put in place such as awareness training programmes to minimise these threats to the state of Qatar. Therefore, this research aims to explore targeted attacks in specific organisations in the state of Qatar by presenting a new technique to prevent targeted attacks. This novel enterprise-wide email phishing detection system has been used by organisations and individuals not only in the state of Qatar but also in organisations in the UK. This detection system is based on domain names by which attackers carefully register domain names which victims trust. The results show that this detection system has proven its ability to reduce email phishing attacks. Moreover, it aims to develop email phishing awareness training techniques specifically designed for the state of Qatar to complement the presented technique in order to increase email phishing awareness, focused on targeted attacks and the content, and reduce the impact of phishing email attacks. This research was carried out by developing an interactive email phishing awareness training website that has been tested by organisations in the state of Qatar. The results of this training programme proved to get effective results by training users on how to spot email phishing and targeted attacks

    Phishing-Attack, Detection and Prevention

    Social Engineering is the process of deceiving people to reveal confidential information about themselves. There are various categories of Social Engineering, among which Phishing is the most frequently used attack nowadays; a new phishing site is created on the internet every 20 seconds and more than seventy percent of phishing emails are opened by their targets. From fraudulent emails to deploying malicious software on people's computers, phishing has become one of the main concerns that bothers the common people. There are various types of phishing such as Vishing (voice phishing), Email phishing, Smishing (SMS phishing) and many more, out of which we are going to deal with the email phishing. Email phishing is the practice of getting emails with malicious intents. The initial effort involved simulating potential phishing attacks within a controlled setup leading to devising a solution on how to detect and prevent clicking on the malicious links by common netizens like us. The developed Machine Learning (ML) model was able to classify the vulnerable links with 97.88% training and 96.4% testing accuracies respectively. Overall, the work provides a comprehensive overview of the state-of-the-art in ML based phishing email detection, and highlights the potential of ML techniques to enhance the security of individuals and organizations against phishing attacks. Keywords: Social Engineering, Natural Language Processing, Sentimental analysis, Email Scams, CyberSecurity Automation, Individuals, Organizations

    Attacking logo-based phishing website detectors with adversarial perturbations

    Recent times have witnessed the rise of anti-phishing schemes powered by deep learning (DL). In particular, logo-based phishing detectors rely on DL models from Computer Vision to identify logos of well-known brands on webpages, to detect malicious webpages that imitate a given brand. For instance, Siamese networks have demonstrated notable performance for these tasks, enabling the corresponding anti-phishing solutions to detect even "zero-day" phishing webpages. In this work, we take the next step of studying the robustness of logo-based phishing detectors against adversarial ML attacks. We propose a novel attack exploiting generative adversarial perturbations to craft "adversarial logos" that evade phishing detectors. We evaluate our attacks through: (i) experiments on datasets containing real logos, to evaluate the robustness of state-of-the-art phishing detectors; and (ii) user studies to gauge whether our adversarial logos can deceive human eyes. The results show that our proposed attack is capable of crafting perturbed logos subtle enough to evade various DL models, achieving an evasion rate of up to 95%. Moreover, users are not able to spot significant differences between generated adversarial logos and original ones. Comment: To appear in ESORICS 202

    Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets

    Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large amount of training data and are not adept at detecting phishing attacks against new targets. In this paper, we begin with two core observations: (a) although phishers try to make a phishing webpage look similar to its target, they do not have unlimited freedom in structuring the phishing webpage, and (b) a webpage can be characterized by a small set of key terms, how these key terms are used in different parts of a webpage is different in the case of legitimate and phishing webpages. Based on these observations, we develop a phishing detection system with several notable properties: it requires very little training data, scales well to much larger test data, is language-independent, fast, resilient to adaptive attacks and implemented entirely on client-side. In addition, we developed a target identification component that can identify the target website that a phishing webpage is attempting to mimic. The target detection component is faster than previously reported systems and can help minimize false positives in our phishing detection system. Peer reviewe

    Character and Word Embeddings for Phishing Email Detection

    Phishing attacks are among the most common malicious activities on the Internet. During a phishing attack, cybercriminals present themselves as a trusted organization or individual. Their goal is to lure people to enter their private information, such as passwords and bank card numbers, while believing that nothing malicious is happening. The attack often starts with a phishing email, which is an email that is very similar to a legitimate email, but usually contains links to malicious websites or uses some other techniques to mislead victims. To prevent phishing attacks, it is crucial to detect phishing emails and remove them from email inbox folders. In this paper, a neural network based phishing email detection model is proposed. In comparison to some earlier approaches, our model does not use manually engineered input features. It learns character and word embeddings directly from email texts, and uses them to extract local and global features using convolutional and recurrent layers, respectively. Our model is tested on the two commonly used datasets for phishing email detection, the SpamAssassin Public Corpus and Nazario Phishing Corpus, and it achieves an accuracy of 99.81 % and F_1-score of 99.74 %, which is on par or better than the current state-of-the-art approaches

    Towards a Multi-Layered Phishing Detection.

    Phishing is one of the most common threats that users face while browsing the web. In the current threat landscape, a targeted phishing attack (i.e., spear phishing) often constitutes the first action of a threat actor during an intrusion campaign. To tackle this threat, many data-driven approaches have been proposed, which mostly rely on the use of supervised machine learning under a single-layer approach. However, such approaches are resource-demanding and, thus, their deployment in production environments is infeasible. Moreover, most previous works utilise a feature set that can be easily tampered with by adversaries. In this paper, we investigate the use of a multi-layered detection framework in which a potential phishing domain is classified multiple times by models using different feature sets. In our work, an additional classification takes place only when the initial one scores below a predefined confidence level, which is set by the system owner. We demonstrate our approach by implementing a two-layered detection system, which uses supervised machine learning to identify phishing attacks. We evaluate our system with a dataset consisting of active phishing attacks and find that its performance is comparable to the state of the art

    Identification of Phishing Attacks using Machine Learning Algorithm

    Phishing is a particular type of cybercrime that allows criminals to trick people and steal crucial data. The phishing assault has developed into a more complex attack vector since the first instance was published in 1990. Phishing is currently one of the most prevalent types of online fraud behavior. Phishing is done using a number of methods, such as through emails, phone calls, instant chats, adverts, pop-up windows on websites, and DNS poisoning. Phishing attacks can cause their victims to suffer significant losses, including the loss of confidential information, identity theft, businesses, and state secrets. By examining current phishing practises and assessing the state of phishing, this article seeks to assess these attacks. This article offers a fresh, in-depth model of phishing that takes into account attack stages, different types of attackers, threats, targets, attack media, and attacking strategies. Here, we categorise websites as real or phishing websites using machine learning techniques including Random Forest, XGBoost, and Logistic Regression. Additionally, the proposed anatomy will aid readers in comprehending the lifespan of a phishing attack, raising awareness of these attacks and the strategies employed as well as aiding in the creation of a comprehensive anti-phishing system