Inside a phisher's mind: Understanding the anti-phishing ecosystem through phishing kit analysis

Oest, Adam; Safei, Yeganeh; Doupé, Adam; Ahn, Gail-Joon; Wardman, Brad; Warner, Gary

doi:10.1109/ecrime.2018.8376206

Cited by 79 publications

(71 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Thus, the attack can be launched through various impersonation forms such as legitimately-looking websites, emails, a third-party app UI, and more. Moreover, the attacker can spoof the victim user using advanced tools such as a Phishing kit [55] or Click-jacking [56]. For example, the attacker can use fake website templates and execute a server-side data collection using the Phishing Kit.…”

Section: B Phishing / Impersonation Attack (A 8 )mentioning

confidence: 99%

A Security Analysis of Blockchain-Based Did Services

et al. 2021

View full text Add to dashboard Cite

Decentralized identifiers (DID) has shown great potential for sharing user identities across different domains and services without compromising user privacy. DID is designed to enable the minimum disclosure of the proof from a user's credentials on a need-to-know basis with a contextualized delegation. At first glance, DID appears to be well-suited for this purpose. However, the overall security of DID has not been thoroughly examined. In this paper, we systemically explore key components of DID systems and analyze their possible vulnerabilities when deployed. First, we analyze the data flow between DID system components and analyze possible security threats. Next, we carefully identify potential security threats over seven different DID functional domains, ranging from user wallet to universal resolver. Lastly, we discuss the possible countermeasures against the security threats we identified.

show abstract

Section: B Phishing / Impersonation Attack (A 8 )mentioning

confidence: 99%

A Security Analysis of Blockchain-Based Did Services

et al. 2021

View full text Add to dashboard Cite

show abstract

“…An approach is to replace the TLD with a different TLD [88]. UTF8 encoding can also be used to produce identical-looking characters from different languages and alphabets, such as replacing the English 'b' with the Russian 'b' [90] or using confusing character combinations such as 'rn' for 'm' [69].…”

Section: A Url Lexical Featuresmentioning

confidence: 99%

“…Since obtaining a valid certificates cost money, it made some sense that legitimate sites would be more likely to have them. However, after the introduction of LetsEncrypt, which provides free certificates to websites, support for encryption is no longer a significant phishing feature as both legitimate and phishing sites now have valid certificates [8,90].…”

Section: F Certificate-based Featuresmentioning

confidence: 99%

“…Public key certificates can be verified at one of three levels which range from a simple check that the domain is controlled by the certificate requester (domain-validate) [50], to the Extended Validation (EV) certificate which requires the issuer to perform extensive checks of the identity of the organisation the certificate is being given to [108]. EV certificates are effective at proving identity, but they also expensive to obtain, and many sites do not have them [38,90].…”

Section: F Certificate-based Featuresmentioning

confidence: 99%

“…Attackers often reuse phishing kits, therefore, a URL could have similar pathname (directory) to previously blacklisted URLs [88,90,91,112]. They also reuse their redirection servers [106], therefore, another feature is to expand shortened URLs before adding to the list [40,106] and also include URLs in the redirection chain, including HTTP, meta and JavaScript redirection [88,100], in the blacklists.…”

Section: G Black/white List Featuresmentioning

confidence: 99%

See 2 more Smart Citations

A Review of Human- and Computer-Facing URL Phishing Features

Althobaiti

Rummani

Vaniea

2019

2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

When detecting phishing websites, both humans and computers rely on aspects of the website (features) to aid in their decision making. In this work, we conduct a review of URL-based phishing features that appear in publications targeting humanfacing and automated anti-phishing approaches. We focus on both humans and computers to obtain a more comprehensive feature list and create a cross-community foundation for future research. We reviewed 94 papers and categorise their features into: lexical, host, rank, redirection, certificate, search engine, and black/white lists. We find that research on automation has used all feature categories but several, such as host-based features (e.g. DNS), are minimally explored in human-facing anti-phishing research.

show abstract