Abstract

Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side .htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.

Original language: English (US)
Title of host publication: Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Publisher: IEEE Computer Society
Pages: 1-12
Number of pages: 12
Volume: 2018-May
ISBN (Electronic): 9781538649220
DOI: https://doi.org/10.1109/ECRIME.2018.8376206
State: Published - Jun 8 2018
Event: 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 - San Diego, United States
Duration: May 15 2018 to May 17 2018

Other

Other: 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Country: United States
City: San Diego
Period: 5/15/18 to 5/17/18

Fingerprint

Ecosystems
Websites
Paint
Servers
Phishing
Ecosystem

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Information Systems and Management

Cite this

Oest, A., Safei, Y., Doupe, A., Ahn, G-J., Wardman, B., & Warner, G. (2018). Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis. In Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 (Vol. 2018-May, pp. 1-12). IEEE Computer Society. https://doi.org/10.1109/ECRIME.2018.8376206

Inside a phisher's mind : Understanding the anti-phishing ecosystem through phishing kit analysis. / Oest, Adam; Safei, Yeganeh; Doupe, Adam; Ahn, Gail-Joon; Wardman, Brad; Warner, Gary.

Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. Vol. 2018-May IEEE Computer Society, 2018. p. 1-12.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Oest, A, Safei, Y, Doupe, A, Ahn, G-J, Wardman, B & Warner, G 2018, Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis. in Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. vol. 2018-May, IEEE Computer Society, pp. 1-12, 2018 APWG Symposium on Electronic Crime Research, eCrime 2018, San Diego, United States, 5/15/18. https://doi.org/10.1109/ECRIME.2018.8376206
Oest A, Safei Y, Doupe A, Ahn G-J, Wardman B, Warner G. Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis. In Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. Vol. 2018-May. IEEE Computer Society. 2018. p. 1-12 https://doi.org/10.1109/ECRIME.2018.8376206
Oest, Adam ; Safei, Yeganeh ; Doupe, Adam ; Ahn, Gail-Joon ; Wardman, Brad ; Warner, Gary. / Inside a phisher's mind : Understanding the anti-phishing ecosystem through phishing kit analysis. Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. Vol. 2018-May IEEE Computer Society, 2018. pp. 1-12
@inproceedings{acb656d42ca84adc9b639418416d736b,
title = "Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis",
abstract = "Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side .htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.",
author = "Adam Oest and Yeganeh Safei and Adam Doupe and Gail-Joon Ahn and Brad Wardman and Gary Warner",
year = "2018",
month = "6",
day = "8",
doi = "10.1109/ECRIME.2018.8376206",
language = "English (US)",
volume = "2018-May",
pages = "1--12",
booktitle = "Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018",
publisher = "IEEE Computer Society",

}

TY - GEN

T1 - Inside a phisher's mind

T2 - Understanding the anti-phishing ecosystem through phishing kit analysis

AU - Oest, Adam

AU - Safei, Yeganeh

AU - Doupe, Adam

AU - Ahn, Gail-Joon

AU - Wardman, Brad

AU - Warner, Gary

PY - 2018/6/8

Y1 - 2018/6/8

N2 - Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side .htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.

UR - http://www.scopus.com/inward/record.url?scp=85049328203&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85049328203&partnerID=8YFLogxK

U2 - 10.1109/ECRIME.2018.8376206

DO - 10.1109/ECRIME.2018.8376206

M3 - Conference contribution

VL - 2018-May

SP - 1

EP - 12

BT - Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018

PB - IEEE Computer Society

ER -