• Home

  • Documents

  • Detecting Deceptive Patterns in Phishing Emails · 2014. 7. 31. · Detecting Deceptive Patterns in...
1
Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez Advisers: Lauren M. Stuart, Drs. Julia M. Taylor and Victor Raskin Problem Statement Identify cues for/patterns of deception within phishing emails to help users detect deceptive requests This material is based upon work supported by the National Science Foundation under grant #1062970. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. Threatening Account Irregularities Assurance Spelling Errors Phishing Valid Motivation Email users become more aware of phishing emails Prevents private data from being accessed by unauthorized users Saves individuals and corporations a lot of money During the 1st quarter of 2014 the Anti-Phishing Work Group reported an increase of 6,941 unique phishing email reports from January to March. What Has Been Done? Lexical Analysis Part-of-Speech Tagging Named Entity Recognition Normalization of Words to Lower Case Stemming Stop Word Removal TF-IDF Header Analysis Text Analysis IP-Based URLs Age of Linked-to Domain HTML Email Number of Links Number of Dots Redirecting Site January February March Number of unique phishing websites detected 42,828 38,175 44,212 Number of unique phishing e- mail (campaigns) received by APWG from consumers 53,984 56,883 60,925 Number of brands targeted by phishing campaigns 384 355 362 Country hosting the most phishing websites USA USA USA PhishNet-NLP PLIFER Tools Start Assurance We have the best security systems” Unable to Process Information “Error in your billing informationFalse Information We have your credit card info.” No Reason Given Threatening “Account Suspension” Assurance End Repetition of Statements Irregularities in Account 1 or more attempts to login” Dear valued PayPalï ¿ 1\/2 member : PayPalï ¿ 1\/2 is committed to maintaining a safe environment for its community of buyers and sellers . To protect the security of your account , PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity . Recently , our Account Review Team identified some unusual activity in your account . In accordance with PayPal 's User Agreement and to ensure that your account has not been compromised , access to your account was limited . Your account access will remain limited until this issue has been resolved . This is a fraud prevention measure meant to ensure that your account is not compromised . In order to secure your account and quickly restore full access , we may require some specific information from you for the following reason : We would like to ensure that your account was not accessed by an unauthorized third party . Because protecting the security of your account is our primary concern , we have limited access to sensitive PayPal account features . Pattern Organization Anti Phishing 1 st Quarter Report for 2014 Part of Sample of a Phishing Email

Detecting Deceptive Patterns in Phishing Emails · 2014. 7. 31. · Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez Advisers: Lauren M. Stuart, Drs. Julia

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

  • Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez

    Advisers: Lauren M. Stuart, Drs. Julia M. Taylor and Victor Raskin Problem Statement

    Identify cues for/patterns of deception within phishing emails to help users detect deceptive requests

    This material is based upon work supported by the National Science Foundation under grant #1062970. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

    Threatening

    Account Irregularities

    Assurance

    Spelling Errors

    Phishing

    Valid

    Motivation • Email users become more

    aware of phishing emails • Prevents private data from

    being accessed by unauthorized users

    • Saves individuals and corporations a lot of money

    During the 1st quarter of 2014 the Anti-Phishing Work Group reported an increase of 6,941 unique phishing email reports from January to March.

    What Has Been Done?

    Lexical Analysis

    Part-of-Speech Tagging

    Named Entity Recognition

    Normalization of Words to Lower Case

    Stemming

    Stop Word Removal

    TF-IDF

    Header Analysis

    Text Analysis

    IP-Based URLs

    Age of Linked-to Domain

    HTML Email

    Number of Links

    Number of Dots

    Redirecting Site

    January February March Number of unique phishing websites detected

    42,828 38,175 44,212

    Number of unique phishing e-mail (campaigns) received by APWG from consumers

    53,984 56,883 60,925

    Number of brands targeted by phishing campaigns

    384 355 362

    Country hosting the most phishing websites

    USA USA USA

    PhishNet-NLP PLIFER Tools

    Start

    Assurance “We have the best security systems”

    Unable to Process

    Information “Error in your

    billing information”

    False Information “We have your

    credit card info.”

    No Reason Given

    Threatening “Account

    Suspension”

    Assurance End

    Repetition of Statements

    Irregularities in Account

    “1 or more attempts to login”

    Dear valued PayPalï ¿ 1\/2 member : PayPalï ¿ 1\/2 is committed to maintaining a safe environment for its community of buyers and sellers . To protect the security of your account , PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity . Recently , our Account Review Team identified some unusual activity in your account . In accordance with PayPal 's User Agreement and to ensure that your account has not been compromised , access to your account was limited . Your account access will remain limited until this issue has been resolved . This is a fraud prevention measure meant to ensure that your account is not compromised . In order to secure your account and quickly restore full access , we may require some specific information from you for the following reason : We would like to ensure that your account was not accessed by an unauthorized third party . Because protecting the security of your account is our primary concern , we have limited access to sensitive PayPal account features .

    Pattern Organization

    Anti Phishing 1st Quarter Report for 2014

    Part of Sample of a Phishing Email

    Slide Number 1


 · Web viewAll emails are monitored If you receive any phishing emails or attachments do not open them. You must inform IT immediately. If you open an attachment or phishing email

 · Web viewAll emails are monitored If you receive any phishing emails or attachments do not open them. You must inform IT immediately. If you open an attachment or phishing email

Documents
DIGITAL SELF DEFENSE: RID RIT OF PHISHING ATTEMPTS · DIGITAL SELF DEFENSE: RID RIT OF PHISHING ATTEMPTS What is Phishing? Phishing is the fraudulent practice of sending spoofed emails

DIGITAL SELF DEFENSE: RID RIT OF PHISHING ATTEMPTS · DIGITAL SELF DEFENSE: RID RIT OF PHISHING ATTEMPTS What is Phishing? Phishing is the fraudulent practice of sending spoofed emails

Documents
Phishing - infosec.byu.edu · PHISHING What it is… The fraudulent practice of sending emails purporting to be from ... by connecting to your phone (landline or mobile) and prevents

Phishing - infosec.byu.edu · PHISHING What it is… The fraudulent practice of sending emails purporting to be from ... by connecting to your phone (landline or mobile) and prevents

Documents
Don’t Get Caught by Phishing Emails!

Don’t Get Caught by Phishing Emails!

Technology
Information Awareness Training and Phishing · 2017. 10. 24. · phishing emails or how to immediately report phishing attempts to the Computer Incident Response Team (CIRT).11 Recommended

Information Awareness Training and Phishing · 2017. 10. 24. · phishing emails or how to immediately report phishing attempts to the Computer Incident Response Team (CIRT).11 Recommended

Documents
Phishing - TU Berlinnet.t-labs.tu-berlin.de/.../pdf/IS09_08_phishing.handout.pdf · 2016. 8. 31. · 1 1 Phishing Spoofed emails 2 A Few Headlines “11.9 million Americans clicked

Phishing - TU Berlinnet.t-labs.tu-berlin.de/.../pdf/IS09_08_phishing.handout.pdf · 2016. 8. 31. · 1 1 Phishing Spoofed emails 2 A Few Headlines “11.9 million Americans clicked

Documents
Phishing Attack Landscape and Benchmarking · exercises and educate with ongoing security hints and tips emails. Phish Your Users Fully automated simulated phishing attacks, hundreds

Phishing Attack Landscape and Benchmarking · exercises and educate with ongoing security hints and tips emails. Phish Your Users Fully automated simulated phishing attacks, hundreds

Documents
1 in 414 Emails are a phishing attack

1 in 414 Emails are a phishing attack

Documents
PHISHING SAMPLE EMAILS------------------- · -----PHISHING SAMPLE EMAILS----- Standard Bank does not send *.htm or *.html attachments that direct you to what appears to be a login

PHISHING SAMPLE EMAILS------------------- · -----PHISHING SAMPLE EMAILS----- Standard Bank does not send *.htm or *.html attachments that direct you to what appears to be a login

Documents
HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Documents
Analyzing Social and Stylometric Features to Identify Spear phishing Emails

Analyzing Social and Stylometric Features to Identify Spear phishing Emails

Engineering
Penetration Testing - Phishing€¦ · Phishing emails are increasingly sophisticated, and despite delivering mandatory training to staff, the risk remains that staff are susceptible

Penetration Testing - Phishing€¦ · Phishing emails are increasingly sophisticated, and despite delivering mandatory training to staff, the risk remains that staff are susceptible

Documents
Phishing emails and bogus contact: HM Revenue and … · 1 Phishing emails and bogus contact: HM Revenue and Customs examples If you think you have received a HM Revenue and Customs

Phishing emails and bogus contact: HM Revenue and … · 1 Phishing emails and bogus contact: HM Revenue and Customs examples If you think you have received a HM Revenue and Customs

Documents
THE IMPACT OF USERS CHARACTERISTICS ON … Mohammed A...THE IMPACT OF USERS’ CHARACTERISTICS ON THEIR ABILITY TO DETECT PHISHING EMAILS ii Abstract Phishing emails result in significant

THE IMPACT OF USERS CHARACTERISTICS ON … Mohammed A...THE IMPACT OF USERS’ CHARACTERISTICS ON THEIR ABILITY TO DETECT PHISHING EMAILS ii Abstract Phishing emails result in significant

Documents
PRACTICAL ADVICE FOR AVOIDING PHISHING EMAILS · PRACTICAL ADVICE FOR AVOIDING PHISHING EMAILS Phishing emails require one thing to be successful: For the recipient to take the bait

PRACTICAL ADVICE FOR AVOIDING PHISHING EMAILS · PRACTICAL ADVICE FOR AVOIDING PHISHING EMAILS Phishing emails require one thing to be successful: For the recipient to take the bait

Documents
The Cyber Threat Impact of COVID-19 to Global Business · 2020-04-11 · The Cyber Threat Impact of COVID-19 to Global Business Phishing Emails There are many phishing emails currently

The Cyber Threat Impact of COVID-19 to Global Business · 2020-04-11 · The Cyber Threat Impact of COVID-19 to Global Business Phishing Emails There are many phishing emails currently

Documents
Detecting Phishing in Emails

Detecting Phishing in Emails

Documents
Analyzing Social and Stylometric Features to Identify Spear phishing … · 2014-06-17 · of spear phishing, spam, and normal phishing emails from Symantec’s enterprise email scanning

Analyzing Social and Stylometric Features to Identify Spear phishing … · 2014-06-17 · of spear phishing, spam, and normal phishing emails from Symantec’s enterprise email scanning

Documents
Who is Using Your Domain for Phishing & Spam - TAG … is Using Your Domain for Phishing & Spam? ... Untrusted Emails Fraud Expenses ... Any email sender

Who is Using Your Domain for Phishing & Spam - TAG … is Using Your Domain for Phishing & Spam? ... Untrusted Emails Fraud Expenses ... Any email sender

Documents
Detection of Phishing Emails with Email Forensic Analysis

Detection of Phishing Emails with Email Forensic Analysis

Documents
Classifying Phishing Emails Using Confidence …Classifying Phishing Emails Using Confidence-Weighted Linear Classifiers Ram B. Basnet Computer Science & Engineering Department New

Classifying Phishing Emails Using Confidence …Classifying Phishing Emails Using Confidence-Weighted Linear Classifiers Ram B. Basnet Computer Science & Engineering Department New

Documents
Phishing Prevention, Solutions & Services | Cofense - How to Spot … · 2020. 9. 4. · Phishing emails will try to fluster recipients by creating a sense of urgency. Fear Scaring

Phishing Prevention, Solutions & Services | Cofense - How to Spot … · 2020. 9. 4. · Phishing emails will try to fluster recipients by creating a sense of urgency. Fear Scaring

Documents
Phishing and bogus emails: HM Revenue and Customs examples

Phishing and bogus emails: HM Revenue and Customs examples

Documents
Anti-Phishing Simulation & Awareness · Phishing attacks have become a significant threat. Consider the following numbers: 156 million phishing emails are sent out every dayi. Email

Anti-Phishing Simulation & Awareness · Phishing attacks have become a significant threat. Consider the following numbers: 156 million phishing emails are sent out every dayi. Email

Documents
Phishing, Vishing, & Smishing€¦ · – Creating a target list and send out phishing or spear phishing emails – Responding if the victim responds, engaging directly with some

Phishing, Vishing, & Smishing€¦ · – Creating a target list and send out phishing or spear phishing emails – Responding if the victim responds, engaging directly with some

Documents
Analysing persuasion principles in phishing emails

Analysing persuasion principles in phishing emails

Documents
So, you think you’re good at spotting phishing emails

So, you think you’re good at spotting phishing emails

Technology
Detecting Phishing in Emails Srikanth Palla Ram Dantu University of North Texas, Denton

Detecting Phishing in Emails Srikanth Palla Ram Dantu University of North Texas, Denton

Documents
Typology of Fraudulent and Deceptive Commercial Practices ...consumers, e.g., spam, spyware, phishing Category 2: Traditional fraudulent and deceptive commercial practices using the

Typology of Fraudulent and Deceptive Commercial Practices ...consumers, e.g., spam, spyware, phishing Category 2: Traditional fraudulent and deceptive commercial practices using the

Documents
Phishing Test Templates · 2020. 12. 9. · Phishing Test Templates Our most effective phishing emails, and why they work. Here are our Top 10 Phishing Email templates. Use them

Phishing Test Templates · 2020. 12. 9. · Phishing Test Templates Our most effective phishing emails, and why they work. Here are our Top 10 Phishing Email templates. Use them

Documents