Abstract
Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side.htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.
Original language | English (US) |
---|---|
Title of host publication | Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 |
Publisher | IEEE Computer Society |
Pages | 1-12 |
Number of pages | 12 |
Volume | 2018-May |
ISBN (Electronic) | 9781538649220 |
DOIs | |
State | Published - Jun 8 2018 |
Event | 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 - San Diego, United States Duration: May 15 2018 → May 17 2018 |
Other
Other | 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 |
---|---|
Country | United States |
City | San Diego |
Period | 5/15/18 → 5/17/18 |
ASJC Scopus subject areas
- Computer Networks and Communications
- Computer Science Applications
- Information Systems
- Information Systems and Management