I Don’t Need an Expert! Making URL Phishing Features Human Comprehensible

Althobaiti, Kholoud; Meng, Nicole; Vaniea, Kami

doi:10.1145/3411764.3445574

Cited by 20 publications

(9 citation statements)

References 58 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Participants spent little time viewing security indicators when assessing websites, instead using similar strategies to those found in prior work [19], [18], such as close inspection of web-page content or paying attention to the URL, despite misunderstandings regarding syntax such as differences between domains and sub-domains. These results hold when we also consider that many end-users struggle to understand the syntax and function of URLs [2], [5], [53]. More recently, Zheng and Becker [70] conducted a study to investigate the impact of presenting email headers to end-users had on their ability to identify legitimate phishing examples.…”

Section: A Users Identifying Phishmentioning

confidence: 68%

"I didn't click": What users say when reporting phishing

Pilavakis¹,

Jenkins²,

Kökciyan³

et al. 2023

Proceedings 2023 Symposium on Usable Security

View full text Add to dashboard Cite

When people identify potential malicious phishing emails one option they have is to contact a help desk to report it and receive guidance. While there is a great deal of effort put into helping people identify such emails and to encourage users to report them, there is relatively little understanding of what people say or ask when contacting a help desk about such emails. In this work, we qualitatively analyze a random sample of 270 help desk phishing tickets collected across nine months. We find that when reporting or asking about phishing emails, users often discuss evidence they have observed or gathered, potential impacts they have identified, actions they have or have not taken, and questions they have. Some users also provide clear arguments both about why the email really is phishing and why the organization needs to take action about it.

show abstract

Section: A Users Identifying Phishmentioning

confidence: 68%

"I didn't click": What users say when reporting phishing

Pilavakis¹,

Jenkins²,

Kökciyan³

et al. 2023

Proceedings 2023 Symposium on Usable Security

View full text Add to dashboard Cite

show abstract

“…We instead seek to identify and characterize clusters of seemingly unique and disassociated URLs as a motivated whole and thus, gain more pertinent insights into such concerted attacks. This is exemplified in one of our key findings: Google Safe Browsing 1 , the default block-list used in most web-browsers, is not able to detect all unique URLs for 49.76% of 18,360 multi-URL malicious campaigns we discovered. Considering the expectation that malware is often unleashed in waves, this indicates that a more refined approach is warranted.…”

Section: Introductionmentioning

confidence: 84%

“…Regardless of their intent, malicious actors have relied on the humble Uniform Resource Locator (URL) as the penultimate step in their pernicious operations. Littered throughout phishing emails, social network spam, and suspicious web-sites, these otherwise common text strings are crafted to mislead end-users [1,2]. This results in the divulging of sensitive personal and/or commercial information via fake login pages [3], or the inadvertent download of malware which compromise machines and allow unauthorized access [4].…”

Section: Introductionmentioning

confidence: 99%

Characterizing Malicious URL Campaigns

Almashor,

Ahmed,

Pick

et al. 2021

Preprint

View full text Add to dashboard Cite

URLs are central to a myriad of cyber-security threats, from phishing to the distribution of malware. Their inherent ease of use and familiarity is continuously abused by attackers to evade defences and deceive end-users. Seemingly dissimilar URLs are being used in an organized way to perform phishing attacks and distribute malware. We refer to such behaviours as campaigns, with the hypothesis being that attacks are often coordinated to maximize success rates and develop evasion tactics. The aim is to gain better insights into campaigns, bolster our grasp of their characteristics, and thus aid the community devise more robust solutions. To this end, we performed extensive research and analysis into 311M records containing 77M unique real-world URLs that were submitted to VirusTotal from Dec 2019 to Jan 2020. From this dataset, 2.6M suspicious campaigns were identified based on their attached metadata, of which 77,810 were doubly verified as malicious. Using the 38.1M records and 9.9M URLs within these malicious campaigns, we provide varied insights such as their targeted victim brands as well as URL sizes and heterogeneity. Some surprising findings were observed, such as detection rates falling to just 13.27% for campaigns that employ more than 100 unique URLs. The paper concludes with several casestudies that illustrate the common malicious techniques employed by attackers to imperil users and circumvent defences.

show abstract

“…Recent work shifts the focus from automated phishing detection to detection support to assist users in making their own judgements [3], since automated approaches are not always 100% accurate and real-time support such as warnings can effectively change risky behaviors. Presenting users with security indicators' information enables human strength in capturing abnormal behaviors, such as contextual awareness.A human-centric solution using autonomous ML agents to aid judgment can therefore be a crucial step in the right direction.…”

Section: Introductionmentioning

confidence: 99%

“…Most of the existing works on phishing detection support heavily rely on the legitimacy of URLs [2,3]. However, explanations of URL features are easy to understand by general users, e.g., website rank, hostname, and domain popularity.…”

Section: Introductionmentioning

confidence: 99%

Email Summarization to Assist Users in Phishing Identification

Kashapov¹,

Wu²,

Abuadbba³

et al. 2022

Preprint

View full text Add to dashboard Cite

Cyber-phishing attacks recently became more precise, targeted, and tailored by training data to activate only in the presence of specific information or cues. They are adaptable to a much greater extent than traditional phishing detection. Hence, automated detection systems cannot always be 100% accurate, increasing the uncertainty around expected behavior when faced with a potential phishing email. On the other hand, human-centric defence approaches focus extensively on user training but face the difficulty of keeping users up to date with continuously emerging patterns. Therefore, advances in analyzing the content of an email in novel ways along with summarizing the most pertinent content to the recipients of emails is a prospective gateway to furthering how to combat these threats. Addressing this gap, this work leverages transformer-based machine learning to (i) analyze prospective psychological triggers, to (ii) detect possible malicious intent, and to (iii) create representative summaries of emails. We then amalgamate this information and present it to the user to allow them to (i) easily decide whether the email is "phishy" and (ii) self-learn advanced malicious patterns. CCS Concepts• Security and privacy → Network security; • Computing methodologies → Natural language processing.

show abstract

I Don’t Need an Expert! Making URL Phishing Features Human Comprehensible

Cited by 20 publications

References 58 publications

"I didn't click": What users say when reporting phishing

"I didn't click": What users say when reporting phishing

Characterizing Malicious URL Campaigns

Email Summarization to Assist Users in Phishing Identification

Contact Info

Product

Resources

About