Abstract
Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side.htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.
| Original language | English (US) |
|---|---|
| Title of host publication | Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 |
| Publisher | IEEE Computer Society |
| Pages | 1-12 |
| Number of pages | 12 |
| Volume | 2018-May |
| ISBN (Electronic) | 9781538649220 |
| DOIs | |
| State | Published - Jun 8 2018 |
| Event | 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 - San Diego, United States Duration: May 15 2018 → May 17 2018 |
Other
| Other | 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 |
|---|---|
| Country | United States |
| City | San Diego |
| Period | 5/15/18 → 5/17/18 |
Fingerprint
ASJC Scopus subject areas
- Computer Networks and Communications
- Computer Science Applications
- Information Systems
- Information Systems and Management
Cite this
Inside a phisher's mind : Understanding the anti-phishing ecosystem through phishing kit analysis. / Oest, Adam; Safei, Yeganeh; Doupe, Adam; Ahn, Gail-Joon; Wardman, Brad; Warner, Gary.
Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. Vol. 2018-May IEEE Computer Society, 2018. p. 1-12.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Inside a phisher's mind
T2 - Understanding the anti-phishing ecosystem through phishing kit analysis
AU - Oest, Adam
AU - Safei, Yeganeh
AU - Doupe, Adam
AU - Ahn, Gail-Joon
AU - Wardman, Brad
AU - Warner, Gary
PY - 2018/6/8
Y1 - 2018/6/8
N2 - Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side.htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.
AB - Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side.htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.
UR - http://www.scopus.com/inward/record.url?scp=85049328203&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85049328203&partnerID=8YFLogxK
U2 - 10.1109/ECRIME.2018.8376206
DO - 10.1109/ECRIME.2018.8376206
M3 - Conference contribution
AN - SCOPUS:85049328203
VL - 2018-May
SP - 1
EP - 12
BT - Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
PB - IEEE Computer Society
ER -