Matching Items (5)
Description
Internet browsers are today capable of warning internet users of a potential phishing attack. Browsers identify these websites by referring to blacklists of reported phishing websites maintained by trusted organizations like Google, Phishtank etc. On identifying a Unified Resource Locator (URL) requested by a user as a reported phishing URL, browsers like Mozilla Firefox and Google Chrome display an 'active' warning message in an attempt to stop the user from making a potentially dangerous decision of visiting the website and sharing confidential information like username-password, credit card information, social security number etc.

However, these warnings are not always successful at safeguarding the user from a phishing attack. On several occasions, users ignore these warnings and 'click through' them, eventually landing at the potentially dangerous website and giving away confidential information. Failure to understand the warning, failure to differentiate between different types of browser warnings, and diminishing trust in browser warnings due to repeated encounters are some of the reasons that make users ignore these warnings. It is important to address these factors in order to eventually improve a user’s reaction to these warnings.

In this thesis, I propose a novel design to improve the effectiveness and reliability of phishing warning messages. This design utilizes the name of the target website that a fake website is mimicking, to display a simple, easy to understand and interactive warning message with the primary objective of keeping the user away from a potentially spoof website.
Contributors: Sharma, Satyabrata (Author) / Bazzi, Rida (Thesis advisor) / Walker, Erin (Committee member) / Gaffar, Ashraf (Committee member) / Arizona State University (Publisher)
Created: 2015
Description
Phishing is a form of online fraud where a spoofed website tries to gain access to a user's sensitive information by tricking the user into believing that it is a benign website. There are several solutions to detect phishing attacks such as educating users, using blacklists or extracting phishing characteristics found to exist in phishing attacks. In this thesis, we analyze approaches that extract features from phishing websites and train classification models with the extracted feature set to classify phishing websites. We create an exhaustive list of all features used in these approaches and categorize them into 6 broader categories and 33 finer categories. We extract 59 features from the URL, URL redirects, hosting domain (WHOIS and DNS records) and popularity of the website and analyze their robustness in classifying a phishing website. Our emphasis is on determining the predictive performance of robust features. We evaluate the classification accuracy when using the entire feature set and when URL features or site popularity features are excluded from the feature set and show how our approach can be used to effectively predict specific types of phishing attacks such as shortened URLs and randomized URLs. Using both decision table classifiers and neural network classifiers, our results indicate that robust features seem to have enough predictive power to be used in practice.
Contributors: Namasivayam, Bhuvana Lalitha (Author) / Bazzi, Rida (Thesis advisor) / Zhao, Ziming (Committee member) / Liu, Huan (Committee member) / Arizona State University (Publisher)
Created: 2017
Description

During October 2022, I contributed to the annual Cybersecurity Awareness Month (CSAM) program at Arizona State University (ASU). 4 cybersecurity domains were explored during the month: phishing, password hygiene, physical security, and social media security. The scope of my work involved designing and developing activities related to phishing and social media security. The deliverables included 8 emails for the ‘Spot the Phish’ activity, an educational flier on phishing indicators, discussion questions for The Tinder Swindler documentary, and a password security question guessing game. I also collected feedback from students and faculty who participated in ‘Spot the Phish’ and the security question game. Participants answered questions about the difficulty of the activities and how their cybersecurity knowledge improved. The security question game didn’t have much participation, so there wasn’t much information to gather from the feedback. The ‘Spot the Phish’ activity had over 50 feedback submissions. That data suggested that the ‘Spot the Phish’ activity improved participants’ confidence in identifying phishing emails. After reviewing the feedback and my own anecdotal experience conducting the activities, I looked into research regarding tools for cybersecurity education. Based on that research, I designed new activities to better inform students and faculty about phishing and social media security for 2023 CSAM.

Contributors: Venkatesh, Ramana (Author) / Meuth, Ryan (Thesis director) / Menees, Jodi (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created: 2023-05
Description
Despite extensive research by the security community, cyberattacks such as phishing and Internet of Things (IoT) attacks remain profitable to criminals and continue to cause substantial damage not only to the victim users that they target, but also the organizations they impersonate. In recent years, phishing websites have taken the place of malware websites as the most prevalent web-based threat. Even though technical countermeasures effectively mitigate web-based malware, phishing websites continue to grow in sophistication and successfully slip past modern defenses. Phishing attack and its countermeasure have entered into a new era, where one side has upgraded their weapon, attempting to conquer the other. In addition, the amount and usage of IoT devices increases rapidly because of the development and deployment of 5G networks. Although researchers have proposed secure execution environments, attacks targeting those devices can often succeed. Therefore, the security community desperately needs detection and prevention methodologies to fight against phishing and IoT attacks. In this dissertation, I design a framework, named CrawlPhish, to understand the prevalence and nature of such sophistications, including cloaking, in phishing attacks, which evade detection from the anti-phishing ecosystem by distinguishing the traffic between a crawler and a real Internet user and hence maximize the return-on-investment from phishing attacks. CrawlPhish also detects and categorizes client-side cloaking techniques in phishing with scalability and automation. Furthermore, I focus on the analysis of redirection abuse in advanced phishing websites and hence propose mitigations to classify malicious redirection use via machine learning algorithms. Based on the observations from previous work, from the perspective of prevention, I design a novel anti-phishing system called Spartacus that can be deployed from the user end to completely neutralize phishing attacks.
Lastly, inspired by Spartacus, I propose iCore, which proactively monitors the operations in the trusted execution environment to identify any maliciousness.
Contributors: Zhang, Penghui (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Thesis advisor) / Oest, Adam (Committee member) / Kapravelos, Alexandros (Committee member) / Arizona State University (Publisher)
Created: 2022
Description
Despite an abundance of defenses that work to protect Internet users from online threats, malicious actors continue deploying relentless large-scale phishing attacks that target these users. Effectively mitigating phishing attacks remains a challenge for the security community due to attackers' ability to evolve and adapt to defenses, the cross-organizational nature of the infrastructure abused for phishing, and discrepancies between theoretical and realistic anti-phishing systems. Although technical countermeasures cannot always compensate for the human weakness exploited by social engineers, maintaining a clear and up-to-date understanding of the motivation behind (and execution of) modern phishing attacks is essential to optimizing such countermeasures.

In this dissertation, I analyze the state of the anti-phishing ecosystem and show that phishers use evasion techniques, including cloaking, to bypass anti-phishing mitigations in hopes of maximizing the return-on-investment of their attacks. I develop three novel, scalable data-collection and analysis frameworks to pinpoint the ecosystem vulnerabilities that sophisticated phishing websites exploit. The frameworks, which operate on real-world data and are designed for continuous deployment by anti-phishing organizations, empirically measure the robustness of industry-standard anti-phishing blacklists (PhishFarm and PhishTime) and proactively detect and map phishing attacks prior to launch (Golden Hour). Using these frameworks, I conduct a longitudinal study of blacklist performance and the first large-scale end-to-end analysis of phishing attacks (from spamming through monetization). As a result, I thoroughly characterize modern phishing websites and identify desirable characteristics for enhanced anti-phishing systems, such as more reliable methods for the ecosystem to collectively detect phishing websites and meaningfully share the corresponding intelligence. In addition, findings from these studies led to actionable security recommendations that were implemented by key organizations within the ecosystem to help improve the security of Internet users worldwide.
Contributors: Oest, Adam (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Thesis advisor) / Shoshitaishvili, Yan (Committee member) / Johnson, RC (Committee member) / Arizona State University (Publisher)
Created: 2020