Phishing Attacks and Protection Against Them

Ivanov, Michael A.; Kliuchnikova, Bogdana V.; Chugunkov, Ilya V.; Plaksina, Anna M.

doi:10.1109/elconrus51938.2021.9396693

Cited by 6 publications

(4 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Social engineering is the main attack in the cryptocurrency community and has become increasingly common (Ivanov et al 2021;Weber et al 2020); it involves attackers using psychological tricks that enable them to gain access to the contents of users' wallets (Weber et al 2020). Cryptocurrency phishing is the most common technique used in social engineering techniques.…”

Section: Cryptocurrency Fraud and Phishingmentioning

confidence: 99%

Phishing Attacks on Cryptocurrency Investors in the Arab States of the Gulf

Alyami,

Alhotaylah,

Alshehri

et al. 2023

JRFM

View full text Add to dashboard Cite

With the rapid development of technology in all fields, including the financial field, people have flocked to invest in cryptocurrencies, sometimes without prior knowledge or experience. This has prompted hackers to prey on inexperienced investors through many types of fraud and attacks, especially phishing attacks. Cryptocurrency investment transactions take place without intermediaries such as banks and monetary institutions. Investing in cryptocurrencies is a form of peer-to-peer transaction and takes place without the involvement of physical wallets. This study addresses cases where people may become victims of phishing attacks due to the nature of cryptocurrency investments. The aim of this study was to understand the concepts of various phishing attacks on cryptocurrencies and to measure the awareness of cryptocurrency investors in the Arab Gulf countries regarding the security risks associated with cryptocurrency investments. This research was conducted by distributing a questionnaire among cryptocurrency investors and collecting and analyzing all the survey responses. The results reveal a lack of awareness about how to deal with the security risks associated with cryptocurrency investments. The research concludes that the majority of cryptocurrency investors are unaware of how to deal with phishing attacks. Finally, we address future research directions and recommend actions that can be taken to increase investors’ awareness of this issue.

show abstract

Section: Cryptocurrency Fraud and Phishingmentioning

confidence: 99%

Phishing Attacks on Cryptocurrency Investors in the Arab States of the Gulf

Alyami,

Alhotaylah,

Alshehri

et al. 2023

JRFM

View full text Add to dashboard Cite

show abstract

“…The most common PDF attack vectors are malicious links that can hide under regular-looking buttons inside the PDF file [72], [73]. The button could be a Fake CAPTCHA, coupon, file sharing download/request access button, static picture with a video play button, or any lure trick.…”

Section: Linksmentioning

confidence: 99%

Content Disarm and Reconstruction of PDF Files

Dubin

2023

IEEE Access

View full text Add to dashboard Cite

Content Disarm and Reconstruction (CDR) is a zero-trust file methodology that proactively extracts threat attack vectors from documents and media files. While extensive literature on CDR emphasizes its importance, a detailed discussion of how the CDR process works, its effectiveness, and its drawbacks is not presented. Therefore, this paper presents PdfCDR, the first PDF CDR system in which the validation, the prevention rate, and the received visual similarity effect of disarming and reconstruction are presented and measured. Furthermore, PdfCDR suggests for the first time a novel method dealing with new emerging exploits by automatically converting detection rules to disarm and reconstruction rules. As a result, PdfCDR can prevent evasive attacks without any software upgrades and utilize the cyber security community knowledge to prevent cyber attacks as soon as they are advertised. The effectiveness of the novel PdfCDR against well-known PDF datasets shows that it disarmed not only the malicious components, but the reconstructed file is also usable and functional. However, since CDR relies on understanding the file format, any CDR solution should handle each supported file type separately due to the vast difference in each file format. Hence, this paper focuses on the Portable Document Format (PDF) file type that attackers commonly exploit. The results indicate that PdfCDR successfully CDR 90% of the malicious files while the remaining 10% were encrypted or had abnormal structures compared to the standard and were quarantined.

show abstract

“…Phishing is the sending of messages with the main objective to gather personal data of users [35,36]. It is a popular method for stealing credentials, committing fraud and distributing malware.…”

Section: Overview Ddos Phishing and Ransomwarementioning

confidence: 99%

“…It is a popular method for stealing credentials, committing fraud and distributing malware. Phishing is based on social engineering: by using methods of persuasion the attacker tries to circumvent a victim's critical thinking and let him perform the action which the phisher wants to accomplish, like giving credentials or installing malware [35]. There are 3 types of targets for phishing: general/indiscriminate, semi-targeted and spear phishing [37].…”

Section: Overview Ddos Phishing and Ransomwarementioning

confidence: 99%

Untitled

2022

JISIS

View full text Add to dashboard Cite

Recent leaks (such as Conti) have provided greater insights on the working of cybercriminal organisations. Just like any other business, these malicious actors strategically manage their processes in order to maximise their revenues. Coordinating different types of cybercrimes as part of a single attack campaign provides another opportunity to these criminal groups to improve the efficiency of their attacks. To investigate the promise of this "coordination" between cybercrimes in improving the financial gains realised by cybercriminals, we take a two-step approach. First, we perform a bibliometric analysis of past scientific literature discussing the concept of "coordination" w.r.t to cybercrime. Second, as a case study, analysing the attack chains of DDoS, phishing and ransomware attacks, we identify vantage points for potential coordination from an attacker's perspective. Based on our findings, we propose a model (COORDINATE) to identify the types of potential cybercrime "coordinations". COORDINATE considers three relevant types of coordination: direct collaborated coordination, indirect collaborated coordination, and opportunistic coordination. Given the advantages of coordinated attacks, our results suggest that one crime may provide opportunities for the next one. Coordinated attacks will become more prevalent, and that we may witness the development of a dynamic that leads to more online crime.

show abstract

Phishing Attacks and Protection Against Them

Cited by 6 publications

References 0 publications

Phishing Attacks on Cryptocurrency Investors in the Arab States of the Gulf

Phishing Attacks on Cryptocurrency Investors in the Arab States of the Gulf

Content Disarm and Reconstruction of PDF Files

Untitled

Contact Info

Product

Resources

About