Needle in a Haystack

Tian, Ke; Jan, Steve T. K.; Hu, Hang; Yao, Danfeng; Wang, Gang

doi:10.1145/3278532.3278569

Cited by 85 publications

(22 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such solutions process and analyze all incoming email messages and, based on rules or ML, classify them as either phishing or legitimate. ML filtering techniques have become state of the art and the classification of phishing website (e.g., [34][35][36][37][38]) can be used for blacklists. Such approaches can prevent a phishing message from reaching the target user, but attackers can use ML techniques as well (e.g., [39]) for bypassing such AI detection systems.…”

Section: Phishing Countermeasuresmentioning

confidence: 99%

Don’t click: towards an effective anti-phishing training. A comparative literature review

Jampen

Gür

Sutter

et al. 2020

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

The security threat posed by email-based phishing campaigns targeted at employees is a well-known problem experienced by many organizations. Attacks are reported each year, and a reduction in the number of such attacks is unlikely to occur in the near future (see Fig. 1). A common type of phishing attack involves an attacker attempting to trick victims into clicking on links sent via email. Such links redirect victims to websites that are carefully designed to mimic those of legitimate organizations with the goal of convincing users to provide their personal information and credentials. Attackers then use the phished data to execute their schemes further. Phishing attacks may be used to obtain access to an organization's internal servers and steal company secrets or to steal victims' personal information, such as credit card details [1]. In this publication, we focus on email-based phishing attacks, as this is currently the most commonly used channel and poses a significant threat to both individuals and companies globally

show abstract

Section: Phishing Countermeasuresmentioning

confidence: 99%

Don’t click: towards an effective anti-phishing training. A comparative literature review

Jampen

Gür

Sutter

et al. 2020

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…VirusTotal reports malware detections on 5 domains, but only by at most 3 out of 67 engines; these detections appear to be based on outdated information. However, Tian et al [66] have found that over 90% of phishing sites served through squatting domains could evade blacklisting, meaning that phishing may already be much more prevalent on our candidate IDNs. Finally, parked domains are known to only sometimes redirect to malicious content [68]: we manually saw instances of such intermittent redirects to blacklisted sites for several IDNs.…”

Section: Securitymentioning

confidence: 97%

“…Moreover, they generated 42 434 additional IDNs with sufficient visual similarity that are still unregistered. Tian et al [66] searched for phishing sites that impersonate a set of 702 popular brands both in content and in domain, a.o. through homograph domains.…”

Section: Background and Related Workmentioning

confidence: 99%

Funny Accents: Exploring Genuine Interest in Internationalized Domain Names

Pochat

Goethem

Joosen

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

International Domain Names (IDNs) were introduced to support non-ASCII characters in domain names. In this paper, we explore IDNs that hold genuine interest, i.e. that owners of brands with diacritical marks may want to register and use. We generate 15 276 candidate IDNs from the page titles of popular domains, and see that 43% are readily available for registration, allowing for spoofing or phishing attacks. Meanwhile, 9% are not allowed by the respective registry to be registered, preventing brand owners from owning the IDN. Based on WHOIS records, DNS records and a web crawl, we estimate that at least 50% of the 3 189 registered IDNs have the same owner as the original domain, but that 35% are owned by a different entity, mainly domain squatters; malicious activity was not observed. Finally, we see that application behavior toward these IDNs remains inconsistent, hindering user experience and therefore widespread uptake of IDNs, and even uncover a phishing vulnerability in iOS Mail.

show abstract

“…Malicious Domain Names and Websites. Much research has been conducted on ways to observe the registration and early activity of malicious domain names [10,12,20]. Hao et al [10] unveiled that DNS infrastructures and early DNS lookup patterns for a newly registered malicious domain name differ significantly from those with a legitimate domain name.…”

Section: Related Workmentioning

confidence: 99%

A First Look at COVID-19 Domain Names: Origin and Implications

Kawaoka

Chiba

Watanabe

et al. 2021

Passive and Active Measurement

View full text Add to dashboard Cite

This work takes a first look at domain names related to COVID-19 (Cov19doms in short), using a large-scale registered Internet domain name database, which accounts for 260 M of distinct domain names registered for 1.6 K of distinct top-level domains. We extracted 167 K of Cov19doms that have been registered between the end of December 2019 and the end of September 2020. We attempt to answer the following research questions through our measurement study: RQ1: Is the number of Cov19doms registrations correlated with the COVID-19 outbreaks?, RQ2: For what purpose do people register Cov19doms? Our chief findings are as follows: (1) Similar to the global COVID-19 pandemic observed around April 2020, the number of Cov19doms registrations also experienced the drastic growth, which, interestingly, pre-ceded the COVID-19 pandemic by about a month, (2) 70% of active Cov19doms websites with visible content provided useful information such as health, tools, or product sales related to and (3) non-negligible number of registered Cov19doms was used for malicious purposes. These findings imply that it has become more challenging to distinguish domain names registered for legitimate purposes from others and that it is crucial to pay close attention to how Cov19doms will be used/misused in the future.

show abstract

Needle in a Haystack

Cited by 85 publications

References 37 publications

Don’t click: towards an effective anti-phishing training. A comparative literature review

Don’t click: towards an effective anti-phishing training. A comparative literature review

Funny Accents: Exploring Genuine Interest in Internationalized Domain Names

A First Look at COVID-19 Domain Names: Origin and Implications

Contact Info

Product

Resources

About