Biblio

With the recent rise of HTTPS adoption on the Web, attackers have begun "HTTPSifying" phishing websites. HTTPSifying a phishing website has the advantage of making the website appear legitimate and evading conventional detection methods that leverage URLs or web contents in the network. Further, adopting HTTPS could also contribute to generating intrinsic footprints and provide defenders with a great opportunity to monitor and detect websites, including phishing sites, as they would need to obtain a public-key certificate issued for the preparation of the websites. The potential benefits of certificate-based detection include: (1) the comprehensive monitoring of all HTTPSified websites by using certificates immediately after their issuance, even if the attacker utilizes dynamic DNS (DDNS) or hosting services; this could be overlooked with the conventional domain-registration-based approaches; and (2) to detect phishing websites before they are published on the Internet. Accordingly, we address the following research question: How can we make use of the footprints of TLS certificates to defend against phishing attacks? For this, we collected a large set of TLS certificates corresponding to phishing websites from Certificate Transparency (CT) logs and extensively analyzed these TLS certificates. We demonstrated that a template of common names, which are equivalent to the fully qualified domain names, obtained through the clustering analysis of the certificates can be used for the following promising applications: (1) The discovery of previously unknown phishing websites with low false positives and (2) understanding the infrastructure used to generate the phishing websites. We use our findings on the abuse of free certificate authorities (CAs) for operating HTTPSified phishing websites to discuss possible solutions against such abuse and provide a recommendation to the CAs.

“Phishing emails” are phishing emails with illegal links that direct users to pages of some real websites that are spoofed, or pages where real HTML has been inserted with dangerous HTML code, so as to deceive users' private information such as bank or credit card account numbers, email account numbers, and passwords. People are the most vulnerable part of security. Phishing emails use human weaknesses to attack. This article describes the application of the principle of persuasion in phishing emails, and based on the existing methods, this paper proposes a phishing email detection method based on the persuasion principle. The principle of persuasion principle is to count whether the corresponding word of the feature appears in the mail. The feature is selected using an information gain algorithm, and finally 25 features are selected for detection. Finally experimentally verified, accuracy rate reached 99.6%.

One of the most dangerous threats on the internet nowadays is phishing attacks. This type of attack can lead to data breaches, and with it to image and financial loss in a company. The most common technique to exploit this type of attack is by sending emails to the target users to trick them to send their credentials to the attacker servers. If the user clicks on the link from the email, then good detection is needed to protect the user credentials. Many papers presented Computer Vision as a good detection technique, but we will explain why this solution can generate lots of false positives in some important environments. This paper focuses on challenges of the Computer Vision detection technique and proposes a combination of multiple techniques together with Computer Vision technique in order to solve the challenges we have shown. We also will present a methodology to detect phishing attacks that will work with the proposed combination techniques.

Currently and particularly with remote working scenarios during COVID-19, phishing attack has become one of the most significant threats faced by internet users, organizations, and service providers. In a phishing attack, the attacker tries to steal client sensitive data (such as login, passwords, and credit card details) using spoofed emails and fake websites. Cybercriminals, hacktivists, and nation-state spy agencies have now got a fertilized ground to deploy their latest innovative phishing attacks. Timely detection of phishing attacks has become most crucial than ever. Machine learning algorithms can be used to accurately detect phishing attacks before a user is harmed. This paper presents a novel ensemble model to detect phishing attacks on the website. We select three machine learning classifiers: Artificial Neural Network (ANN), K-Nearest Neighbors (KNN), and Decision Tree (C4.5) to use in an ensemble method with Random Forest Classifier (RFC). This ensemble method effectively detects website phishing attacks with better accuracy than existing studies. Experimental results demonstrate that the ensemble of KNN and RFC detects phishing attacks with 97.33% accuracy.

Email based Uniform Resource Locator (URL) distribution is one of the popular ways for starting phishing attacks. Conventional anti-phishing solutions rely on security facilities and investigate all incoming emails. This makes the security facilities get overloaded and cause consequences of upgrades or new deployments even with no better options. This paper presents a novel detour strategy for the traffic of visiting potential phishing URLs based on dynamic Domain Name System (DNS) Response Policy Zone (RPZ) in order to mitigate the overloads on security facilities. In the strategy, the URLs included in the incoming emails will be extracted and the corresponding Fully Qualified Domain Name (FQDN) will be registered in the RPZ of the local DNS cache server with mapping the IP address of a special Hypertext Transfer Protocol (HTTP) proxy. The contribution of the approach is to avoid heavy investigations on all incoming emails and mitigate the overloads on security facilities by directing the traffic to phishing URLs to the special HTTP proxy connected with a set of security facilities conducting various inspections. The evaluation results on the prototype system showed that the URL extraction and FQDN registration were finished before the emails had been delivered and accesses to the URLs were successfully directed to the special HTTP proxy. The results of overhead measurements also confirmed that the proposed strategy only affected the internal email server with 11% of performance decrease on the prototype system.

Email-based phishing is still a widespread problem, that affects many users worldwide. Although many aspects of phishing have been extensively studied in the past, they mainly focus on the execution and prevention of different types of phishing and do not consider the process how attackers collect the contact information of potential victims. In this paper, we analyze the collection process of email addresses in more detail. Based on the results of this analysis, we propose email address separation as a way for users to detect phishing emails, and reason about its effectiveness against several typical types of phishing attacks. We find, that email address separation has the potential to greatly reduce the perceived authenticity of general phishing emails, that target a large amount of users, e.g., by impersonating a popular service and spreading malware or links to phishing websites. It is, however, not likely to prevent more sophisticated phishing attacks, that do not depend on the impersonation of a previously known organization or entity. Our results motivate further studies to analyze the usability and applicability of the proposed method, and to determine, whether address separation has additional positive effects on users’ phishing awareness or automated phishing detection.

Today, the Internet covers worldwide. All over the world, people prefer an E-commerce platform to buy or sell their products. Therefore, cybercrime has become the center of attraction for cyber attackers in cyberspace. Phishing is one such technique where the unidentified structure of the Internet has been used by attackers/criminals that intend to deceive users with the use of the illusory website and emails for obtaining their credentials (like account numbers, passwords, and PINs). Consequently, the identification of a phishing or legitimate web page is a challenging issue due to its semantic structure. In this paper, a phishing detection system is implemented using deep learning techniques to prevent such attacks. The system works on URLs by applying a convolutional neural network (CNN) to detect the phishing webpage. In paper [19] the proposed model has achieved 97.98% accuracy whereas our proposed system achieved accuracy of 98.00% which is better than earlier model. This system doesn’t require any feature engineering as the CNN extract features from the URLs automatically through its hidden layers. This is other advantage of the proposed system over earlier reported in [19] as the feature engineering is a very time-consuming task.

Phishing is an act of creating a website similar to a legitimate website with a motive of stealing user's confidential information. Phishing fraud might be the most popular cybercrime. Phishing is one of the risks that originated a couple of years back but still prevailing. This paper discusses various phishing attacks, some of the latest phishing evasion techniques used by attackers and anti-phishing approaches. This review raises awareness of those phishing strategies and helps the user to practice phishing prevention. Here, a hybrid approach of phishing detection also described having fast response time and high accuracy.

Spear phishing emails target to specific individual or organization, they are more elaborated, targeted, and harmful than phishing emails. The attackers usually harvest information about the recipient in any available ways, then create a carefully camouflaged email and lure the recipient to perform dangerous actions. In this paper we present a new effective approach to detect spear phishing emails based on machine learning. Firstly we extracted 21 Stylometric features from email, 3 forwarding features from Email Forwarding Relationship Graph Database(EFRGD), and 3 reputation features from two third-party threat intelligence platforms, Virus Total(VT) and Phish Tank(PT). Then we made an improvement on Synthetic Minority Oversampling Technique(SMOTE) algorithm named KM-SMOTE to reduce the impact of unbalanced data. Finally we applied 4 machine learning algorithms to distinguish spear phishing emails from non-spear phishing emails. Our dataset consists of 417 spear phishing emails and 13916 non-spear phishing emails. We were able to achieve a maximum recall of 95.56%, precision of 98.85% and 97.16% of F1-score with the help of forwarding features, reputation features and KM-SMOTE algorithm.

Phishing URL is a type of cyberattack, based on falsified URLs. The number of phishing URL attacks continues to increase despite cybersecurity efforts. According to the Anti-Phishing Working Group (APWG), the number of phishing websites observed in 2020 is 1 520 832, doubling over the course of a year. Various algorithms, techniques and methods can be used to build models for phishing URL detection and classification. From our reading, we observed that Machine Learning (ML) is one of the recent approaches used to detect and classify phishing URL in an efficient and proactive way. In this paper, we evaluate eleven of the most adopted ML algorithms such as Decision Tree (DT), Nearest Neighbours (KNN), Gradient Boosting (GB), Logistic Regression (LR), Naïve Bayes (NB), Random Forest (RF), Support Vector Machines (SVM), Neural Network (NN), Ex-tra\_Tree (ET), Ada\_Boost (AB) and Bagging (B). To do that, we compute detection accuracy metric for each algorithm and we use lexical analysis to extract the URL features.

Phishing is a type of fraud on the Internet in the form of fake web pages that mimic the original web pages to trick users into sending sensitive information to phisher. The statistics presented by APWG and Phistank show that the number of phishing websites from 2015 to 2020 tends to increase continuously. To overcome this problem, several studies have been carried out including detecting phishing web pages using various features of web pages with various methods. Unfortunately, the use of several methods is not really effective because the design and evaluation are only too focused on the achievement of detection accuracy in research, but evaluation does not represent application in the real world. Whereas a security detection device should require effectiveness, good performance, and deployable. In this study the authors evaluated several methods and proposed rules-based applications that can detect phishing more efficiently.

This paper investigates what cues people use to spot a phishing email when the email is spoken back to them by the Alexa voice assistant, instead of read on a screen. We configured Alexa to read there emails to a sample of 52 participants and ask for their phishing evaluations. We also asked a control group of another 52 participants to evaluate these emails on a regular screen to compare the plausibility of phishing pretexting in voice assistant environments. The results suggest that Alexa can be used for pretexting users that lack phishing awareness to receive and act upon a relatively urgent email from an authoritative sender. Inspecting the sender (authority cue”) and relying on their personal experiences helped participants with higher phishing awareness to use Alexa towards a preliminary email screening to flag an email as potentially “phishing.”

Phishing is a frequent assault in which unsuspecting people’s unique, private, and sensitive information is stolen through fake websites. The primary objective of phishing websites’consistent resource allocators isto steal unique, private, and sensitive information such as user login passwords and online financial transactions. Phishers construct phony websites that look and sound just like genuine things. With the advent of technology, there are protecting users significantly increased in phishing methods. It necessitates the development of an anti-phishing technology to identify phishing and protect users. Machine learning is a useful technique for combating phishing attempts. These articles were utilized to examine Machine learning for detection strategies and characteristics.

Data mining technology is a very important technology in the current era of data explosion. With the informationization of society and the transparency and openness of information, network security issues have become the focus of concern of people all over the world. This paper wants to compare the accuracy of multiple machine learning methods and two deep learning frameworks when using lexical features to detect and classify malicious URLs. As a result, this paper shows that the Random Forest, which is an ensemble learning method for classification, is superior to 8 other machine learning methods in this paper. Furthermore, the Random Forest is even superior to some popular deep neural network models produced by famous frameworks such as TensorFlow and PyTorch when using lexical features to detect and classify malicious URLs.

Recently, the threats of phishing attacks have in-creased. As a countermeasure against phishing attacks, phishing detection systems using deep learning techniques have been considered. However, deep learning techniques are vulnerable to adversarial examples (AEs) that intentionally cause misclassification. When AEs are applied to a deep-learning-based phishing detection system, they pose a significant security risk. Therefore, in this paper, we assess the vulnerability of a phishing detection system by inputting AEs generated based on a dataset that consists of phishing sites’ URLs. Moreover, we consider countermeasures against AEs and clarify whether these defense methods can prevent misclassification.

Training on cues to deception is one of the promising ways of addressing humans’ poor performance in deception detection. However, the effect of training may be subject to the context of deception and the design of training. This study aims to investigate the effect of verbal cue training on the performance of phishing email detection by comparing different designs of training and examining the effect of topic familiarity. Based on the results of a lab experiment, we not only confirm the effect of training but also provide suggestions on how to design training to better facilitate the detection of phishing emails. In addition, our results also discover the effect of topic familiarity on phishing detection. The findings of this study have significant implications for the mitigation and intervention of online deception.

A successful phishing attack is prelude to various other severe attacks such as login credentials theft, unauthorized access to user’s confidential data, malware and ransomware infestation of victim’s machine etc. This paper proposes a real time lightweight machine learning based security framework for detection of phishing attacks through analysis of Uniform Resource Locators (URLs). The proposed framework initially extracts a set of highly discriminating and uncorrelated features from the URL string corpus. These extracted features are then used to transform the URL strings into their corresponding numeric feature vectors, which are eventually used to train various machine learning based classifier models for identification of malicious phishing URLs. Performance analysis of the proposed security framework on two well known datasets: Kaggle dataset and UNB dataset shows that it is capable of detecting malicious phishing URLs with high precision, while at the same time maintain a very low level of false positive rate. The proposed framework is also shown to outperform other similar security frameworks proposed in the literature.121https://www.kaggle.com/antonyj453/ur1dataset2https://www.unb.ca/cic/datasets/ur1-2016.htm1

Website phishing continues to persist as one of the most important security threats of the modern Internet era. A major concern has been that machine learning based approaches, which have been the cornerstones of deployed phishing detection solutions, have not been able to adapt to the evolving nature of the phishing attacks. To create updated machine learning models, the collection of a sufficient corpus of real-time phishing data has always been a challenging problem as most phishing websites are short-lived. In this work, for the first time, we address these important concerns and describe an adaptive phishing detection solution that is able to adapt to changes in phishing attacks. Our solution has two major contributions. First, our solution allows for multiple organizations to collaborate in a privacy preserving manner and generate a robust machine learning model for phishing detection. Second, our solution is designed to be flexible in order to adapt to the novel phishing features introduced by attackers. Our solution not only allows for incorporating novel features into the existing machine learning model, but also can help, to a certain extent, the “unlearning” of existing features that have become obsolete in current phishing attacks. We evaluated our approach on a large real-world data collected over a period of six months. Our results achieve a high true positive rate of 97 %, which is on par with existing state-of-the art centralized solutions. Importantly, our results demonstrate that, a machine learning model can incorporate new features while selectively “unlearning” the older obsolete features.

The availability of number of open-source hacking tools over the internet and many hacking tools in-built with the Kali Linux operating system led to easy understanding and performing hacking by individuals. Even though, hacking the Wi-Fi passwords is considered a tedious task with open-source tools, they can be hacked easily with phishing. Phishing involves tricking the users with malicious emails and obtaining sensitive information from them. This paper describes the different wireless security protocols and tools for hacking wireless networks. A python script is developed which can be sent as phishing to get all the SSID's and passwords to which the system has been connected. The script has been executed and the results are presented.

The COVID19 pandemic situation has opened a wide range of opportunities for cyber-criminals, who take advantage of the anxiety generated and the time spent on the Internet, to undertake massive phishing campaigns. Although companies are adopting protective measures, the psychological traits of the victims are still considered from a very generic perspective. In particular, current literature determines that the model proposed in the Big-Five personality traits (i.e., Openness, Conscientiousness, Extraversion, Agreeableness, and Neuroticism) might play an important role in human behaviour to counter cybercrime. However, results do not provide unanimity regarding the correlation between phishing susceptibility and neuroticism. With the aim to understand this lack of consensus, this article provides a comprehensive literature review of papers extracted from relevant databases (IEEE Xplore, Scopus, ACM Digital Library, and Web of Science). Our results show that there is not a well-established psychological theory explaining the role of neuroticism in the phishing context. We sustain that non-representative samples and the lack of homogeneity amongst the studies might be the culprits behind this lack of consensus on the role of neuroticism on phishing susceptibility.

The number of organisational cybersecurity threats continues to increase every year as technology advances. All too often, organisations assume that implementing systems security measures like firewalls and anti-virus software will eradicate cyber threats. However, even the most robust security systems are vulnerable to threats. As advanced as machine learning cybersecurity technology is becoming, it cannot be solely relied upon to solve cyber threats. There are other forces that contribute to these threats that are many-a-times out of an organisation's control i.e., human behaviour. This research article aims to create an understanding of the trends in key cybersecurity management issues that have developed in the past five years in relation to human behaviour and machine learning. The methodology adopted to guide the synthesis of this review was a systematic literature review. The guidelines for conducting the review are presented in the review approach. The key cybersecurity management issues highlighted by the research includes risky security behaviours demonstrated by employees, social engineering, the current limitations present in machine learning insider threat detection, machine learning enhanced cyber threats, and the underinvestment challenges faced in the cybersecurity domain.

This research covers the problem related to user behavior and its relationship with the protection of computer assets in terms of confidentiality, integrity, and availability. The main objective was to evaluate the relationship between the dimensions of awareness, compliance and appropriation of the information security culture and the asset protection variable, the ISCA diagnostic instrument was applied, and social engineering techniques were incorporated for this process. The results show the levels of awareness, compliance and appropriation of the university that was considered as a case study, these oscillate between the second and third level of four levels. Similarly, the performance regarding asset protection ranges from low to medium. It was concluded that there is a significant relationship between the variables of the investigation, verifying that of the total types of incidents registered in the study case, approximately 69% are associated with human behavior. As a contribution, an information security culture model was formulated whose main characteristic is a complementary diagnostic process between surveys and social engineering techniques, the model also includes the information security management system, risk management and security incident handling as part of the information security culture ecosystem in an enterprise.

A Quick Response (QR) Code is a type of barcode that can be read by the digital devices and which stores the information in a square-shaped. The QR Code readers can extract data from the patterns which are presented in the QR Code matrix. A QR Code can be acting as an attack vector that can harm indirectly. In such case a QR Code can carry malicious or phishing URLs and redirect users to a site which is well conceived by the attacker and pretends to be an authorized one. Once the QR Code is decoded the commands are triggered and executed, causing damage to information, operating system and other possible sequence the attacker expects to gain. In this paper, a new model for QR Code authentication and phishing detection has been presented. The proposed model will be able to detect the phishing and malicious URLs in the process of the QR Code validation as well as to prevent the user from validating it. The development of this application will help to prevent users from being tricked by the harmful QR Codes.

Quick response (QR) codes are currently used ubiq-uitously. Their interaction protocol design is initially unsecured. It forces users to scan QR codes, which makes it harder to differentiate a genuine code from a malicious one. Intruders can change the original QR code and make it fake, which can lead to phishing websites that collect sensitive data. The interaction model can be improved and made more secure by adding some modifications to the backend side of the application. This paper addresses the vulnerabilities of QR codes and recommends improvements in security design. Furthermore, two state-of-the-art algorithms, Digital Signature (DS) and Elliptic Curve Digital Signature (ECDS), are analytically compared to determine their strengths in QR code security.

Phishing, ransomware and cryptojacking are the main threats to cyber security in recent years. We consider the stages of phishing attacks, examples of such attacks, specifically, attacks using ransomware, malicious PDF files, and banking trojans. The article describes the specifics of phishing emails. Advices on phishing protection are given.