TY - GEN
T1 - Inside a phisher's mind
T2 - 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
AU - Oest, Adam
AU - Safei, Yeganeh
AU - Doupe, Adam
AU - Ahn, Gail-Joon
AU - Wardman, Brad
AU - Warner, Gary
N1 - Funding Information:
This material is based upon work supported by the National Science Foundation under Grant 1703644. This work was also partially supported by a grant from the Center for Cybersecurity and Digital Forensics at Arizona State University.
Publisher Copyright:
© 2018 IEEE.
PY - 2018/6/8
Y1 - 2018/6/8
N2 - Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side .htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.
AB - Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side .htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.
UR - http://www.scopus.com/inward/record.url?scp=85049328203&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85049328203&partnerID=8YFLogxK
U2 - 10.1109/ECRIME.2018.8376206
DO - 10.1109/ECRIME.2018.8376206
M3 - Conference contribution
AN - SCOPUS:85049328203
T3 - eCrime Researchers Summit, eCrime
SP - 1
EP - 12
BT - Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
PB - IEEE Computer Society
Y2 - 15 May 2018 through 17 May 2018
ER -