UnPhishMe: Phishing Attack Detection by Deceptive Login Simulation through an Android Mobile App

Ndibwile, Jema David; Kadobayashi, Youki; Fall, Doudou

doi:10.1109/asiajcis.2017.19

Cited by 11 publications

(10 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In our previous work [34], we developed a prototype of an Android application (UnPhishMe) that simulates a user login procedure by using dummy login credentials to thwart phishing attacks. We used the automation framework (Selendroid [27]) which has the ability to manipulate the User Interface (UI) of Android native and web apps.…”

Section: B Recommended System Strategy For Phishing Detection On Smartphonesmentioning

confidence: 99%

An Empirical Approach to Phishing Countermeasures Through Smart Glasses and Validation Agents

et al. 2019

Self Cite

View full text Add to dashboard Cite

Phishing attacks have been persistent for more than two decades despite mitigation efforts from academia and industry. We believe that users fall victim to attacks not only because of lack of knowledge and awareness, but also because they are not attentive enough to security indicators and visual abnormalities on the webpages they visit. This is also probably why smart device users, who have more limited screen size and device capabilities compared to desktop users, are three times more likely to fall victim to phishing attacks. To assert our claim, we first investigated general phishing awareness among different groups of smartphone users. We then used smart eyeglasses (electro-oculographic) to experimentally measure the mental effort and vigilance exhibited by users while surfing a website and while playing an Android phishing game that we developed. The results showed that knowledge and awareness about phishing do not seem to have a significant impact on security behaviours, as knowledgeable participants exhibited insecure behaviours such as opening email attachments from unfamiliar senders. However, attentiveness was important as even participants with low cybersecurity knowledge could effectively identify attacks if they were reasonably attentive. Based on these results, we asserted that users are more likely to continue falling victim to phishing attacks due to insecure behaviours, unless tools to lessen the identification burden are provided. We thus recommended implementing a lightweight algorithm into a custom Android browser for detecting phishing sites deceptively without a user interaction. We used fake login credentials as validation agents and monitor the destination server HTTP responses to determine the authenticity of a webpage. We also presented initial evaluation results of this algorithm.

show abstract

Section: B Recommended System Strategy For Phishing Detection On Smartphonesmentioning

confidence: 99%

An Empirical Approach to Phishing Countermeasures Through Smart Glasses and Validation Agents

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…These factors increase the chances and risks of Wi-Fi hotspot spoofing [11]. Furthermore, since mobile devices have small computing resources, they do not offer the same level of built-in security mechanisms as desktop computers [12], [23].…”

Section: Introductionmentioning

confidence: 99%

“…The detection could be done by determining the legitimacy of AP using details collected from their broadcasts (probe responses). On the other hand, we adopt the method proposed by [23] to detect fake APs with a captive portal by deceiving the portal with fake login credentials, which minimises the risk of users exposing their true credentials to attackers. We do this by simulating a fake captive portal on Android devices.…”

Section: Introductionmentioning

confidence: 99%

FakeAP Detector: An Android-Based Client-Side Application for Detecting Wi-Fi Hotspot Spoofing

Mwinuka

Agghey²,

Kaijage

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Network spoofing is becoming a common attack in wireless networks. The trend is going high due to an increase in Internet users. Similarly, there is a rapid growth of numbers in mobile devices in the working environments and on most official occasions. The trends pose a huge threat to users since they become the prime target of attackers. More unfortunately, mobile devices have weak security measures due to their limited computational powers. Current approaches to detect spoofing attacks focus on personal computers and rely on the network hosts' capacity, leaving guest users with mobile devices at risk. Some approaches on Android-based devices demand root privilege, which is highly discouraged. This paper presents an Android-based client-side solution to detect the presence of fake access points in a perimeter using details collected from probe responses. Our approach considers the difference in security information and signal level of an access point (AP). We present the detection in three networks, (i) open networks, (ii) closed networks and (iii) networks with captive portals. As a departure from existing works, our solution does not require root access for detection, and it is developed for portability and better performance. Experimental results show that our approach can detect fake access points with an accuracy of 99% and 99.7% at an average of 24.64 and 7.78 milliseconds in open and closed networks, respectively.

show abstract

“…Despite the fact that cyberattacks relying on users' naivety such as phishing are persistent [8], the cybersecurity knowledge among many users globally is still low especially in developing countries [10], [16], [17]. Previous studies have only focused on users of similar or certain demographics: permanently residing in developed countries, certain age, certain socio-economic status etc., Refs.…”

Section: Introductionmentioning

confidence: 99%

A Demographic Perspective of Smartphone Security and Its Redesigned Notifications

Ndibwile

Luhanga

Fall

et al. 2019

Journal of Information Processing

Self Cite

View full text Add to dashboard Cite

Billions of smartphones, globally, are running out-of-date Operating Systems (OS) which make them vulnerable to cyberattacks. Behaviours of users in updating their OS vary between different geographic locations considering various demographic factors. For instance, developing countries have a very different stance compared to developed ones on how their users perceive device updates. To assert our claim, we first investigated security behaviours among different demographics in Japan and Tanzania. The results indicate that demographic factors such as culture, income, and geographic location highly impact behaviours of participants on OS updating. However, education and awareness do not seem to have significant impact on security behaviours. Consequently, insecure behaviours were equally exhibited among most participants regardless of their education levels or awareness. We also found that most participants do not update their application software on their smartphones despite being aware. Moreover, in the developing country settings, most participants tend to avoid certain security advice because they necessitate incurring data charges that take up a high percentage of their incomes. Then, we surveyed and evaluated the participants' preferences for different re-designed security notifications for improving update compliance. Finally, we propose color-coded fear-appeal designs for persuading users into updating their devices' application software.

show abstract

UnPhishMe: Phishing Attack Detection by Deceptive Login Simulation through an Android Mobile App

Cited by 11 publications

References 17 publications

An Empirical Approach to Phishing Countermeasures Through Smart Glasses and Validation Agents

An Empirical Approach to Phishing Countermeasures Through Smart Glasses and Validation Agents

FakeAP Detector: An Android-Based Client-Side Application for Detecting Wi-Fi Hotspot Spoofing

A Demographic Perspective of Smartphone Security and Its Redesigned Notifications

Contact Info

Product

Resources

About