Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis

Adam Oest; Yeganeh Safei; Adam Doupe; Gail-Joon Ahn; Brad Wardman; Gary Warner

doi:10.1109/ECRIME.2018.8376206

Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis

Adam Oest, Yeganeh Safei, Adam Doupe, Gail-Joon Ahn, Brad Wardman, Gary Warner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Scopus citations

Abstract

Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side.htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.

Original language	English (US)
Title of host publication	Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Publisher	IEEE Computer Society
Pages	1-12
Number of pages	12
Volume	2018-May
ISBN (Electronic)	9781538649220
DOIs	https://doi.org/10.1109/ECRIME.2018.8376206
State	Published - Jun 8 2018
Event	2018 APWG Symposium on Electronic Crime Research, eCrime 2018 - San Diego, United States Duration: May 15 2018 → May 17 2018

Other

Other	2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Country	United States
City	San Diego
Period	5/15/18 → 5/17/18

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Information Systems
Information Systems and Management

Access to Document

10.1109/ECRIME.2018.8376206

Fingerprint Dive into the research topics of 'Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis'. Together they form a unique fingerprint.

Cite this

Inside a phisher's mind : Understanding the anti-phishing ecosystem through phishing kit analysis. / Oest, Adam; Safei, Yeganeh; Doupe, Adam ; Ahn, Gail-Joon; Wardman, Brad; Warner, Gary.

Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. Vol. 2018-May IEEE Computer Society, 2018. p. 1-12.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Oest, A, Safei, Y, Doupe, A , Ahn, G-J, Wardman, B & Warner, G 2018, Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis. in Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. vol. 2018-May, IEEE Computer Society, pp. 1-12, 2018 APWG Symposium on Electronic Crime Research, eCrime 2018, San Diego, United States, 5/15/18. https://doi.org/10.1109/ECRIME.2018.8376206

@inproceedings{acb656d42ca84adc9b639418416d736b,

title = "Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis",

abstract = "Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side.htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.",

author = "Adam Oest and Yeganeh Safei and Adam Doupe and Gail-Joon Ahn and Brad Wardman and Gary Warner",

year = "2018",

month = jun,

day = "8",

doi = "10.1109/ECRIME.2018.8376206",

language = "English (US)",

volume = "2018-May",

pages = "1--12",

booktitle = "Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018",

publisher = "IEEE Computer Society",

note = "2018 APWG Symposium on Electronic Crime Research, eCrime 2018 ; Conference date: 15-05-2018 Through 17-05-2018",

}

TY - GEN

T1 - Inside a phisher's mind

T2 - 2018 APWG Symposium on Electronic Crime Research, eCrime 2018

AU - Oest, Adam

AU - Safei, Yeganeh

AU - Doupe, Adam

AU - Ahn, Gail-Joon

AU - Wardman, Brad

AU - Warner, Gary

PY - 2018/6/8

Y1 - 2018/6/8

N2 - Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side.htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.

AB - Phishing attacks are becoming increasingly prevalent: 2016 saw more phishing attacks than any previous year on record according to the Anti-Phishing Working Group. At the same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing systems, as phishers have extensive control over the content they serve to their victims. By examining two large, real-world datasets of phishing kits and URLs from 2016 through mid-2017, we paint a clear picture of today's anti-phishing ecosystem while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side.htaccess filtering techniques used by phishers to evade detection by the security community. We also propose a new generic classification scheme for phishing URLs which corresponds to modern social engineering techniques and reveals a correlation between URL type and compromised infrastructure use. Our analysis identifies measures that can be taken by the security community to defeat phishers' countermeasures and increase the likelihood of a timely response to phishing. We discover that phishers have a keen awareness of the infrastructure used against them, which illustrates the ever-evolving struggle between cybercriminals and security researchers and motivates future work to positively impact online security.

UR - http://www.scopus.com/inward/record.url?scp=85049328203&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85049328203&partnerID=8YFLogxK

U2 - 10.1109/ECRIME.2018.8376206

DO - 10.1109/ECRIME.2018.8376206

M3 - Conference contribution

AN - SCOPUS:85049328203

VL - 2018-May

SP - 1

EP - 12

BT - Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018

PB - IEEE Computer Society

Y2 - 15 May 2018 through 17 May 2018

ER -