The COVID‐19 scamdemic: A survey of phishing attacks and their countermeasures during COVID‐19

Al‐Qahtani, Ali F.; Cresci, Stefano

doi:10.1049/ise2.12073

Cited by 29 publications

(9 citation statements)

References 116 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another group of studies focuses on identifying and aggregating the modus operandi used in phishing emails during the Covid-19 pandemic. A survey of Al-Qahtani and Cresci (2022) reviewed 54 studies about phishing attacks and analysed the modus operandi and the proposed techniques for detecting Covid-19 phishing, smishing and vishing attacks. As indicated in the Microsoft Digital Defense Report, phishing attacks consist of almost 70% of all cyber attacks ( Kaliňák, 2021 ).…”

Section: Related Workmentioning

confidence: 99%

The development of phishing during the COVID-19 pandemic: An analysis of over 1100 targeted domains

Hoheisel¹,

Capelleveen²,

Sarmah³

et al. 2023

Computers & Security

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

The development of phishing during the COVID-19 pandemic: An analysis of over 1100 targeted domains

Hoheisel¹,

Capelleveen²,

Sarmah³

et al. 2023

Computers & Security

View full text Add to dashboard Cite

“…Phishing was by far the most prevalent form of attack that had distinctive features and was intended to take advantage of COVID-19's quirks in order to maximise its likelihood of success. [5] The majority of prominent phishing attacks that took place during COVID 2019 focussed on posing as government agencies (such as the WHO or the US Centres for disease Control and Prevention (CDC)) by either creating a fake email/website to lure the users to enter their sensitive information.…”

Section: Introductionmentioning

confidence: 99%

An enhanced deep learning‐based phishing detection mechanism to effectively identify malicious URLs using variational autoencoders

Prabakaran¹,

Chandrasekar²,

Sundaram³

2023

IET Information Security

View full text Add to dashboard Cite

Phishing attacks have become one of the powerful sources for cyber criminals to impose various forms of security attacks in which fake website Uniform Resource Locators (URL) are circulated around the Internet community in the form of email, messages etc., in order to deceive users, resulting in the loss of their valuable assets. The phishing URLs are predicted using several blacklist-based traditional phishing website detection techniques. However, numerous phishing websites are frequently constructed and launched on the Internet over time; these blacklist-based traditional methods do not accurately predict most phishing websites. In order to effectively identify malicious URLs, an enhanced deep learning-based phishing detection approach has been proposed by integrating the strength of Variational Autoencoders (VAE) and deep neural networks (DNN). In the proposed framework, the inherent features of a raw URL are automatically extracted by the VAE model by reconstructing the original input URL to enhance phishing URL detection. For experimentation, around 1 lakh URLs were crawled from two publicly available datasets, namely ISCX-URL-2016 dataset and Kaggle dataset. The experimental results suggested that the proposed model has reached a maximum accuracy of 97.45% and exhibits a quicker response time of 1.9 s, which is better when compared to all the other experimented models.

show abstract

Section: Introductionmentioning

confidence: 99%

“…Many researchers have studied phishing attacks and put forward corresponding countermeasures. Among all the recently proposed solutions to prevent phishing attacks, most research efforts have focussed on detecting phishing websites [22]. For example, Manoj et al [23] proposed an enhanced deep learning-based phishing detection approach by integrating the strength of Variational Autoencoders and deep neural networks to identify malicious URLs effectively.…”

Section: Introductionmentioning

confidence: 99%

Defending against social engineering attacks: A security pattern‐based analysis framework

Song

Pang

2023

IET Information Security

View full text Add to dashboard Cite

Social engineering attacks are a growing threat to modern complex systems. Increasingly, attackers are exploiting people's "vulnerabilities" to carry out social engineering attacks for malicious purposes. Although such a severe threat has attracted the attention of academia and industry, it is challenging to propose a comprehensive and practical set of countermeasures to protect systems from social engineering attacks due to its interdisciplinary nature. Moreover, the existing social engineering defence research is highly dependent on manual analysis, which is time-consuming and labour-intensive and cannot solve practical problems efficiently and pragmatically. This paper proposes a systematic approach to generate countermeasures based on a typical social engineering attack process. Specifically, we systematically 'attack' each step of social engineering attacks to prevent, mitigate, or eliminate them, resulting in 62 countermeasures. We have designed a set of social engineering security patterns that encapsulate relevant security knowledge to provide practical assistance in the defence analysis of social engineering attacks. Finally, we present an automatic analysis framework for applying social engineering security patterns. We applied the case study method and performed semi-structured interviews with nine participants to evaluate our proposal, showing that our approach effectively defended against social engineering attacks.

show abstract

The COVID‐19 scamdemic: A survey of phishing attacks and their countermeasures during COVID‐19

Cited by 29 publications

References 116 publications

The development of phishing during the COVID-19 pandemic: An analysis of over 1100 targeted domains

The development of phishing during the COVID-19 pandemic: An analysis of over 1100 targeted domains

An enhanced deep learning‐based phishing detection mechanism to effectively identify malicious URLs using variational autoencoders

Defending against social engineering attacks: A security pattern‐based analysis framework

Contact Info

Product

Resources

About