Explore chapters and articles related to this topic
Evolution of Phishing Attacks: Challenges and Opportunities for Humans to Adapt to the Ubiquitous Connected World
Published in Mustapha Mouloua, Peter A. Hancock, James Ferraro, Human Performance in Automated and Autonomous Systems, 2019
Aiping Xiong, Robert W. Proctor, Ninghui Li
Xiong, Proctor, Yang, and Li (2019) evaluated the effectiveness of training embedded within a security warning to identify phishing web pages. Many phishing warnings are shown to users of Google Safe Browsing every week, but users lack understanding of the warnings. Each warning provides an opportunity to embed training that will increase users’ knowledge about phishing and the skills needed to avoid phishing attacks. The experiment compared the effectiveness of the current Chrome phishing warning with two training-embedded warning interfaces. In the first phase, participants made login decisions for 10 web pages with the aid of warnings. Then, after performing a distractor task, the participants made legitimacy judgments for 10 different login web pages without warnings being presented. A week later, participants were invited back to again make legitimacy judgments for 10 different web pages. The results showed that all groups of participants discriminated fraudulent from legitimate web pages with similar accuracy in the first phase, for which warnings were presented. However, in both later phases, when no warnings were provided, those participants who received the training-embedded interfaces had better discrimination than those who did not. This study provides evidence that embedded training may provide a means for enabling security training at scale.
A Deep-dive on Machine Learning for Cyber Security Use Cases
Published in Brij B. Gupta, Michael Sheng, Machine Learning for Computer and Cyber Security, 2019
R. Vinayakumar, K.P. Soman, Prabaharan Poornachandran, Vijay Krishna Menon
Researchers have used blacklisting and machine learning-based solutions as their primary techniques to counter malicious URLs. Blacklisting is one of the non-machine learning mechanisms widely used to block malicious URLs. It uses honeypots, web crawlers and manual reporting through human feedback as its tools to update the repository of malicious URLs. When a user attempts to visit a URL, the blacklist check is triggered automatically. It performs pattern matching to determine whether the URL is in the repository. If so, the request is blocked. This has been employed in web browsers, such as PhishTank [53], DNS-BH [54] and jwSpamSpy [55]. Commercial malicious URL detection systems are Google Safe Browsing [56], McAfee SiteAdvisor [57], Web of Trust (WOT) [58], Websense ThreatSeeker Network [59], Cisco IronPort Web Reputation [60] and Trend Micro Web Reputation Query Online System [61]. Blacklisting mechanisms are simple and easy to implement, but they are completely ineffective at finding new malicious URLs and, additionally, always require human input to update the malicious URL repository.
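The lookup step described above (match the requested URL against the repository, block on a hit), as an added example that is not taken from the cited chapter. The repository entries, the `host/path` entry format and the function names are constructed for illustration, and the host-suffix and path-prefix expansion is a simplified form of the lookup that list-based services such as Google Safe Browsing document.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

# Constructed sample repository: one whole-site entry, one directory entry.
REPOSITORY = {"evil.example/", "shared-host.example/~mallory/"}

def canonicalize(url):
    """Return (host, path) normalized so trivial spelling variants compare equal."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    # .hostname is lower-cased and has port/userinfo removed; drop a trailing dot.
    host = (parts.hostname or "").rstrip(".")
    path = unquote(parts.path) or "/"          # %7E -> ~ ; empty path -> "/"
    while "//" in path:
        path = path.replace("//", "/")
    return host, path                          # query string ignored (simplification)

def expressions(url):
    """Every host-suffix + path-prefix combination to test against the repository."""
    host, path = canonicalize(url)
    try:
        ipaddress.ip_address(host)
        hosts = [host]                         # never take suffixes of an IP literal
    except ValueError:
        labels = host.split(".")
        # Stop before the bare top-level label so "example" alone is never tested.
        hosts = [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]
    segs = [s for s in path.split("/") if s]
    paths = ["/"] + ["/" + "/".join(segs[:i]) + "/" for i in range(1, len(segs))]
    if path != "/":
        paths.append(path)
    return {h + p for h in hosts for p in paths}

def check(url, repository=REPOSITORY):
    """Return the matching repository entry (block), or None (allow)."""
    hits = expressions(url) & repository
    return min(hits, key=lambda h: (len(h), h)) if hits else None

if __name__ == "__main__":
    for u in ("HTTP://Login.Evil.Example./account/signin.php?x=1",
              "http://shared-host.example/%7Emallory/paypal/login.html",
              "http://shared-host.example/~alice/index.html",
              "http://evil-example.test/account/signin.php"):
        print("BLOCK" if check(u) else "allow", u)
```

The last sample URL is on a host that is not yet in the repository, so it is allowed: this is the gap the passage describes for newly created malicious URLs.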
Spear Phishing Detection
Published in Debabrata Samanta, SK Hafizul Islam, Naveen Chilamkurti, Mohammad Hammoudeh, Data Analytics, Computational Statistics, and Operations Research for Engineers, 2022
Shibayan Mondal, Samrajnee Ghosh, Achiket Kumar, SK Hafizul Islam, Rajdeep Chatterjee
According to the FBI, one of the most common types of cybercrime in 2020 was phishing. Phishing cases became increasingly common, with the number of instances rising from 114,702 cases in 2019 to 241,324 cases in 2020 (Yeboah-Boateng et al., 2014). Google Safe Browsing is trusted with detecting phishing sites on the Internet, and it has registered 2,145,013 phishing sites as of January 17, 2021. This is a significant hike compared to malware sites, which numbered about 28,803 at the same time. Figure 8.1 shows the comparison of an increasing rate of unsafe websites between 2007 and 2019. According to the recent ESET threat report, in Q3 of 2020, the most common types of malicious files contained in phishing emails were as follows: Windows executable files (74%); script files (11%); Office documents (5%); compressed archives (4%); PDF documents (2%); Java files (2%); batch files (2%); shortcuts (2%); Android executables (>1%).
A survey of phishing attack techniques, defence mechanisms and open research challenges
Published in Enterprise Information Systems, 2022
Google provides a service for safe browsing (Google Safe Browsing API 2017), which verifies the given URL against suspicious domains that are regularly updated by Google. Many popular web browsers like Mozilla Firefox, Google Chrome, etc. used this API. The latest version of this API is V4, which was introduced in 2016. Using V4, the client can download encrypted versions of the safe browsing lists of URLs. Moreover, the latest version is fast (i.e., low-latency) and provides high accuracy. Following are the advantages and limitations of V4 API: