An educational experiment in discovering spear phishing attacks / Ett utbildningsexperiment för att upptäcka spear phishing attacker

Floderus, Sebastian, Rosenholm, Linus

January 2019

Background: Spear phishing attacks uses social engineering targeting a specific person to steal credential information or infect the users computer with malware. It is often done through emails and it can be very hard to spot the difference between a legitimate email and a scam email. Cybercrime is a growing problem and there is many ways to inform and educate individuals on the subject.Objectives: This study intends to perform an experiment to see if an educationalsupport tool can be used to better identify phishing emails. Furthermore see if there is a difference in susceptibility between students from different university programs. Methods: A qualitative research study was used to get the necessary understanding how to properly develop a phishing educational tool. A Pretest-Posttest experiment is done to see if there is an improvement in result between an experimental group that received education and the control group that did not. Results: The result shows an overall higher score for the technical program compared to the non-technical. Comparing the pretest with the posttest shows an increase in score for the non-technical program and a decrease in score for the technical program. Furthermore 58% of the non-technical students who started the test did not complete it. Conclusions: There is a noticeable difference in susceptibility between the programs for detecting scam emails for students. However further research is needed in order to explore to what extent the education process had an impact.

Phishing

Spear-phishing

Experiment

Security awareness

Computer Sciences

Datavetenskap (datalogi)

Learning

Lärande

Categorization of Phishing Detection Features And Using the Feature Vectors to Classify Phishing Websites

January 2017

abstract: Phishing is a form of online fraud where a spoofed website tries to gain access to user's sensitive information by tricking the user into believing that it is a benign website. There are several solutions to detect phishing attacks such as educating users, using blacklists or extracting phishing characteristics found to exist in phishing attacks. In this thesis, we analyze approaches that extract features from phishing websites and train classification models with extracted feature set to classify phishing websites. We create an exhaustive list of all features used in these approaches and categorize them into 6 broader categories and 33 finer categories. We extract 59 features from the URL, URL redirects, hosting domain (WHOIS and DNS records) and popularity of the website and analyze their robustness in classifying a phishing website. Our emphasis is on determining the predictive performance of robust features. We evaluate the classification accuracy when using the entire feature set and when URL features or site popularity features are excluded from the feature set and show how our approach can be used to effectively predict specific types of phishing attacks such as shortened URLs and randomized URLs. Using both decision table classifiers and neural network classifiers, our results indicate that robust features seem to have enough predictive power to be used in practice. / Dissertation/Thesis / Masters Thesis Computer Science 2017

Computer science

classification

hosting domain

Neural networks

Phishing

predict phishing

website features

Anti-phishing system : Detecting phishing e-mail

Mei, Yuanxun

January 2008

Because of the development of the Internet and the rapid increase of the electronic commercial, the incidents on stealing the consumers' personal identify data and financial account credentials are becoming more and more common. This phenomenon is called phishing. Now phishing is so popular that web sites such as papal , eBay, MSN, Best Buy, and America Online are frequently spoofed by phishers. What’s more, the amount of the phishing sites is increasing at a high rate. The aim of the report is to analyze different phishing phenomenon and help the readers to identify phishing attempts. Another goal is to design an anti-phishing system which can detect the phishing e-mails and then perform some operations to protect the users. Since this is a big project, I will focus on the mail detecting part that is to analyze the detected phishing emails and extract details from these mails. A list of the most important information of this phishing mail is extracted, which contains “mail subject”, “ mail received date”, “targeted user”, “the links”, and “expiration and creation date of the domain”. The system can presently extract this information from 40% of analyzed e-mails.

Phishing

Anti-phishing

Pharming

Email

Domain name

Computer Sciences

Datavetenskap (datalogi)

A Multi-Variate Analysis of SMTP Paths and Relays to Restrict Spam and Phishing Attacks in Emails

Palla, Srikanth

12 1900

The classifier discussed in this thesis considers the path traversed by an email (instead of its content) and reputation of the relays, features inaccessible to spammers. Groups of spammers and individual behaviors of a spammer in a given domain were analyzed to yield association patterns, which were then used to identify similar spammers. Unsolicited and phishing emails were successfully isolated from legitimate emails, using analysis results. Spammers and phishers are also categorized into serial spammers/phishers, recent spammers/phishers, prospective spammers/phishers, and suspects. Legitimate emails and trusted domains are classified into socially close (family members, friends), socially distinct (strangers etc), and opt-outs (resolved false positives and false negatives). Overall this classifier resulted in far less false positives when compared to current filters like SpamAssassin, achieving a 98.65% precision, which is well comparable to the precisions achieved by SPF, DNSRBL blacklists.

Electronic mail systems -- Management.

Spam (Electronic mail)

Phishing.

spam

phishing

Eigen-behavior

Assessing Ransomware Mitigation Strategies in Swedish Organizations: A Focus on Phishing Emails

Liedgren, Johan, von Bonsdorff, Felix

January 2023

Ransomware has been a growing threat to today's organizations, with irreparable damages and billions of dollars lost, it is crucial for organizations to implement mitigation strategies that can counter these attacks. With phishing attempts being the primary attack vector, it is evident that organizations need to implement the best practices in order to avoid the consequences. Thus, this study addresses the question “How do the actual ransomware mitigation strategies implemented by Swedish organizations compare to the best practices suggested in literature, with a focus on phishing emails as a common means of ransomware transmission?” The study was conducted by utilizing semi-structured interviews and interviewing five participants that work or have worked as IT-security consultants which are then summarized and analyzed with a thematic analysis approach. Seven relevant themes and fifteen sub-themes were introduced and analyzed in order to answer the proposed research question: attack vector, security awareness training, technical solutions, challenges of solutions, frameworks, evolution and keeping yourself updated. All participants were contacted via Linkedin and the interviews were done virtually via Zoom. The findings of this study shows that Swedish organizations utilize a minimal amount of ransomware mitigation strategies due to the lack of resources, care and overall awareness regarding the topic. According to the interviewed participants, basic forms of technical solutions and administrative solutions are mostly implemented, however they are a lacking form of medium and can generally be bypassed easily. The primary factors that were brought up and introduced was security awareness training and technical solutions. Essentially, it all boils down to employee’s incompetence and lack of security awareness. No matter how many technical solutions that are implemented within an organization, if an employee is not aware that they shouldn’t click on malicious links, an infection might spread.

Ransomware

ransomware mitigation

phishing

phishing emails

malware prevention strategies

Computer Sciences

Datavetenskap (datalogi)

Nätfiske – Ett säkerhetshot mot äldre i Sverige

Bodair, Karim, Fagerström, Felicia

January 2021

Nätfiske har blivit ett allt vanligare tillvägagångssätt för bedragare som vill komma åt individers känsliga information. Särskilt nätfiske riktat mot äldre individer har ökat på senare tid och klassificeras som ett av de vanligaste brotten. Problemet i denna studie belyses utifrån ett användarperspektiv, där äldres medvetenhet gällande nätfiske kommer att centreras. För att uppfylla detta har följande frågeställning konstruerats, ”Vilken medvetenhet har personer som är 60 år och äldre i Sverige gällande nätfiske?”. För att samla in empiri till denna studie valdes surveyundersökning som forskningsstrategi. Datainsamlingsmetoden består av en enkät som skickades ut till äldre individer via olika internetforum. Den insamlade datan har analyserats med hjälp av chi-2 fördelning och Pearsons korrelationskoefficient. Resultatet påvisade att majoriteten av respondenterna inte ansåg sig vara medvetna om nätfiske. Det påvisades inga skillnader mellan kön men det framkom ett statistiskt samband mellan respondenternas noggrannhet att undersöka webbsidor och deras förmåga att identifiera ett förfalskat e-postmeddelande. / Phishing has become an increasingly common approach for fraudsters who want to access individual's sensitive information. Especially phishing aimed at older people has increased in recent times and is classified as one of the most common crimes. The problem in this study illustrates from a user perspective, where the elderly's awareness of phishing will be centered. To fulfill this study the following framing of question have been constructed, “which awareness do people who are 60 years and older have in Sweden regarding phishing?”. To gather empirical data for this study, survey research was chosen as the research strategy. The data collection method consists of a survey that was sent out to older individuals through various internet forums. The collected data were analyzed using chi-2 distribution and Pearson's correlation coefficient. The results showed that the majority of the respondents did not consider themselves aware of phishing. No gender differences were detected, but a statistical relationship was found between respondents' accuracy in examining web pages and their ability to identify a forged e-mail message.

Phishing

Phishingattacks

Phishing awareness

Social engineering

Nätfiske

Nätfiskeattacker

Nätfiske medvetenhet

Social manipulation

Computer Sciences

Datavetenskap (datalogi)

Intelligent phishing website detection system using fuzzy techniques

Aburrous, Maher R., Hossain, M. Alamgir, Thabatah, F., Dahal, Keshav P.

January 2008

Phishing websites are forged web pages that are created by malicious people to mimic web pages of real websites and it attempts to defraud people of their personal information. Detecting and identifying Phishing websites is really a complex and dynamic problem involving many factors and criteria, and because of the subjective considerations and the ambiguities involved in the detection, Fuzzy Logic model can be an effective tool in assessing and identifying phishing websites than any other traditional tool since it offers a more natural way of dealing with quality factors rather than exact values. In this paper, we present novel approach to overcome the `fuzziness¿ in traditional website phishing risk assessment and propose an intelligent resilient and effective model for detecting phishing websites. The proposed model is based on FL operators which is used to characterize the website phishing factors and indicators as fuzzy variables and produces six measures and criteria¿s of website phishing attack dimensions with a layer structure. Our experimental results showed the significance and importance of the phishing website criteria (URL & Domain Identity) represented by layer one, and the variety influence of the phishing characteristic layers on the final phishing website rate.

Phishing

Fuzzy logic

Risk assessment

Phishing website criteria

Website detection and identification

Phishing : En innehållsanalys av phishing på webben

Ghani, Hajra

January 2016

The goal with this research has been to answer questions related to social engineeringbased phishing attacks: email phishing and website phishing. This study answers questions like why these attacks occur, which type of internet users easily get tricked by phishers, Moreover this study consist of different defense mechanisms that exist against the attacks, weaknesses in them, examples to improve them and other technical solutions against them. Often the attacks consist of a combination of both email phishing and website phishing. A link can be sent to a user via email that leads to a phishing site where the user get tricked into submitting personal information.These attacks aims to steal personal information and money from users. There are anti-phishing tools in web browsers and mailsystems to protect the user. There are special phishingfilters and features that can protect users from phishing mails and detect them. Users who get attacked by phishers are those who lack knowledge about them. But since high educated people and security experts also fall for phishing beacuse phishers develop new techniques and strategies to attack users, more advanced techniques in web browsers and mail systems are needed. This study was done through a systematic litterture review where 10 articles where chosen. These articles where studied and summarised through a content analysis. / Målet med denna undersökning har varit att besvara frågor relaterat till social engineeringbaserade phishngattacker: email phishing och website phishing. Den här studien tar upp varför dessa attacker utförs, vilka användare som mest blir drabbade av de. Vidare handlar studien om olika skyddsmekanismer som existerar mot attackerna, vilka bristerna det finns i de, eventuella förbättringsförslag och förslag på andra tekniska lösningar. Oftast sker attackerna genom en kombination av email phishing och website phishing. En skadlig länk kan skickas till en användare via mail som leder till en phishingsida där användaren blir lurad till att fylla i privata uppgifter om sig själv. Dessa attacker sker främst för att stjäla personuppgifter och leder oftast till att en användare blir drabbad finansiellt. Det finns olika anti-phishing verktyg i webbläsare och mailsystem för att skydda användare. Mot email phishing finns speciella phishingfilter och olika kännetecken som hjälper till att skydda mot skadliga mail och upptäcka de. De flesta som blir drabbade av phishing är just användare som ej är medvetna om vad phishing är. Men eftersom det visat sig att även högutbildade människor och säkerhetsexperter faller för phishing då phisher utvecklar nya tekniker och strategier att utföra attacker, krävs det mer avancerade tekniska lösningar i webbläsare och mailsystem. Studien har genomförts med hjälp av en systematisk litteraturstudie, där 10 artiklar valdes ut. Dessa artiklar bearbetades och sammanfattades genom en innehållsanalys.

social engineeringbased

email phishing

website phishing antiphishingverktyg

phishingfilter

systematic litterature review

content analysis

social engineeringbaserade

email phishing

website phishing

antiphishingverktyg

phishingfilter

systematisk litteraturstudie

innehållsanalys

Information Systems

System för att upptäcka Phishing : Klassificering av mejl

Karlsson, Nicklas

January 2008

<p>Denna rapport tar en titt på phishing-problemet, något som många har råkat ut för med bland annat de falska Nordea eller eBay mejl som på senaste tiden har dykt upp i våra inkorgar, och ett eventuellt sätt att minska phishingens effekt. Fokus i rapporten ligger på klassificering av mejl och den huvudsakliga frågeställningen är: ”Är det, med hög träffsäkerhet, möjligt att med hjälp av ett klassificeringsverktyg sortera ut mejl som har med phishing att göra från övrig skräppost.” Det visade sig svårare än väntat att hitta phishing mejl att använda i klassificeringen. I de klassificeringar som genomfördes visade det sig att både metoden Naive Bayes och med Support Vector Machine kan hitta upp till 100 % av phishing mejlen. Rapporten pressenterar arbetsgången, teori om phishing och resultaten efter genomförda klassificeringstest.</p> / <p>This report takes a look at the phishing problem, something that many have come across with for example the fake Nordea or eBay e-mails that lately have shown up in our e-mail inboxes, and a possible way to reduce the effect of phishing. The focus in the report lies on classification of e-mails and the main question is: “Is it, with high accuracy, possible with a classification tool to sort phishing e-mails from other spam e-mails.” It was more difficult than expected to find phishing e-mails to use in the classification. The classifications that were made showed that it was possible to find up to 100 % of the phishing e-mails with both Naive Bayes and with Support Vector Machine. The report presents the work done, facts about phishing and the results of the classification tests made.</p>

Phishing

spam

classification

Naive Bayes

Support Vector Machine

RainBow

Cygwin

Anti-Phishing Working Group

spam filer

Phishing

nätfiske

spam

skräppost

klassificering

Naive Bayes

Support Vector Machine

RainBow

Cygwin

Anti-Phishing Working Group

spamfiler

Computer science

Datalogi

Token-based Graphical Password Authentication

Gyorffy, John

Unknown Date

No description available.

Graphical Password

Phishing

USB token

Internet security

Trojan