An interdisciplinary study of phishing and spear-phishing attacks
Authors
Abstract
In a world where spear-phishing is one of the most common attacks used to steal confidential data, it is necessary to instruct technical and non-technical users about new mechanisms attackers can use to generate these attacks. We want to focus on phishing attacks, where a social engineer communicates a deceitful message to their victims in order to obtain some confidential information, because of recent advancements in the field. Nowadays, with all the information most users provide online along with the advancements of fields such as data mining, it is more difficult for users to distinguish between malicious and benign communication. If the attack is designed to target a specific user with the knowledge of his or her information, it is called spear-phishing. Spear-phishing attacks tend to be more successful than other attacks due to their targeted nature. Recent studies by Intel suggest that 97% of people cannot identify phishing emails. Therefore, as educators we find the need to instruct users about the structure, purpose, and power of these attacks. In this investigation we propose the construction of a body of knowledge for phishing and spear-phishing attacks. Our motivation is the increase in the accuracy, success, and scale of these attacks in the last decade. The body of knowledge we propose provides a corpus of what we think are the main components of phishing attacks: psychology, computation, and sociology. Studying these aspects of phishing attacks can help future generations of computer science students to better understand how to defend against them. As a community, we need to provide a better definition for the set of vulnerabilities social engineers use to exploit their victims. We propose to expand the curriculum for these types of attacks and to include interdisciplinary areas such as psychology and sociology in future courses that relate to social engineering.
More precisely, we aim to educate students on the aspects we argue are involved in the eval-
Similar resources
A Design for an Anti-spear-phishing System Aycock
Phishing is a widespread and effective computer-mediated social attack. Phishers have proven highly adaptable in terms of exploiting new communications channels – witness ‘vishing’ and ‘SMiShing’ – and are becoming increasingly sophisticated. At the same time, research has shown that current anti-phishing measures are less than adequate. One concern in terms of malicious software is targeted at...
Phishing Attacks in a Mobile Environment
There is no agreed-upon definition for Phishing. Although the medium of attack may vary, the goal is to steal confidential information from an individual. Classical Phishing attacks via mass mailing have a low return of investment rate. Generally, one mass mailing of 100,000 emails may collect between 10 to 100 victims. On the contrary, Phishing scams targeted to a specific group of people in ...
An Initial Study on Personalized Filtering Thresholds in Defending Sequential Spear Phishing Attacks
Different from spam and regular phishing attacks, spear phishing attacks target a small group of people, and the attackers usually make elaborate plans before attacking. There is existing work on classifying spear phishing emails where a threshold value is used to balance misclassified normal emails and misclassified malicious emails. However, most existing systems use a uniform threshold for a...
Phishing - A Growing Threat to E-Commerce
In today’s business environment, it is difficult to imagine a workplace without access to the web, yet a variety of email-borne viruses, spyware, adware, Trojan horses, phishing attacks, directory harvest attacks, DoS attacks, and other threats combine to attack businesses and customers. This paper is an attempt to review phishing – a constantly growing and evolving threat to Internet based comm...
Detecting Fake Websites Using Swarm Intelligence Mechanism in Human Learning
The internet and its various services have made it easy for users to communicate with each other. Internet benefits include online business and e-commerce. E-commerce has boosted online sales and online auction types. Despite their many uses and benefits, the internet and its services have various challenges, such as information theft, which challenges the use of these services. Information thef...