Fighting Phishing with Discriminative Keypoint Features of Webpages
|
|
- Milton Johnson
- 5 years ago
- Views:
Transcription
1 1 Fighting Phishing with Discriminative Keypoint Features of Webpages Kuan-Ta Chen, Jau-Yuan Chen, Chun-Rong Huang, and Chu-Song Chen Institute of Information Science, Academia Sinica {ktchen, nckuos, Abstract Phishing is a form of online identity theft associated with both social engineering and technical subterfuge. As such, it has become a major threat to information security and personal privacy. According to Gartner Inc., in 2007, more than $3.2 billion was lost due to phishing attacks in the US, and 3.6 million people lost money in such attacks. In this article, we present an effective image-based anti-phishing scheme based on discriminative keypoint features in webpages. We use an invariant content descriptor, the Contrast Context Histogram (CCH), to compute the similarity degree between suspicious pages and authentic pages. The results show that the proposed scheme achieves high accuracy and low error rates. (a) (b) 1 INTRODUCTION Phishing is a form of online identity theft associated with both social engineering and technical subterfuge. Specifically, phishers attempt to trick Internet users into revealing sensitive or private information, such as their bank account and credit card numbers. Unwary users are often lured to browse counterfeit websites through spoofed s, and they may easily be convinced that fake pages with hijacked brand names are authentic. When users unwittingly browse phishing pages, phishers can plant crimeware, also known as malware, on the victims computers. Then, through the crimeware, phishers can steal users private information, redirect users to malicious sites directly, or redirect them to the intended websites by way of phisher-controlled proxies. The Anti-Phishing Working Group (APWG) reported that the number of phishing webpages has increased by 28% each month since July 2004, and 5% of users who receive phishing s respond to such scams. More than 66, 000 cases of phishing were reported to, or detected by, APWG in September 2007; and up to 95% of the phishing targets were related to financial services and Internet retailers. According to a survey by Gartner, Inc., in 2007, more than $3.2 billion was lost due to phishing attacks in the United States, and 3.6 million people lost money in such attacks. Phishing has thus become a serious threat to information security and the privacy of Internet users. To deceive users into thinking phishing sites are legitimate, fake pages are often designed to look almost the same as the official pages in both layout and content. In addition, an arbitrary advertisement banner may be inserted to redirect users to another malicious website if they click on it. Take the (c) Fig. 1. Comparison of the official ebay page and phishing pages: (a) the official page; (b) a phishing page with the modified logo; (c) a phishing page with an advertisement banner inserted. phisher s favorite target, ebay, for example. Figure 1(a) shows the login page of the official ebay website, while Fig. 1(b) is a phishing page with a slight modification to the logo; specifically, the logo is smaller and the colored bar below the logo is missing. Figure 1(c) is a phishing page with an advertisement banner placed at the top of the page. These examples show how phishers ensnare the public and how difficult it is for general users to distinguish between legitimate and phishing pages. 2 CURRENT ANTI-PHISHING TECHNIQUES Several anti-phishing techniques have been proposed in recent years to strive to counter or prevent the increasing number of phishing attacks. Generally speaking, phishing detection and prevention techniques can be divided into two categories: 1) level approaches, including authentication and content filtering; and 2) browser integrated tools, which usually use URL blacklists, or employ webpage content analysis.
2 2 filtering techniques used to prevent phishing are quite popular in anti-spam solutions, as both try to stop scams from reaching target users by analyzing the content of s. The challenge in designing such techniques lies in how to construct efficient filter rules and simultaneously reduce the probability of false alarms. Phishing messages are usually sent as spoofed s; therefore, a number of path-based verification methods have been proposed. Current mechanisms, such as Sender ID proposed by Microsoft and DomainKey developed by Yahoo, are designed by looking up mail sources in DNS tables. However, these solutions have not been widely applied yet. Currently, the companies only provide the mechanisms in their own products and services free of charge. A browser-integrated tool usually relies on a blacklist, which contains the URLs of malicious sites, to determine whether a URL corresponds to a phishing page or not. In Microsoft Internet Explorer 7, for example, the address bar turns red when a malicious page is loaded. The effectiveness of a blacklist is strongly influenced by its coverage, credibility, and update frequency. At present, the most well-known blacklists are those maintained by Google and Microsoft, which are used by the most popular browsers, Mozilla Firefox and Microsoft Internet Explorer, respectively. However, experiments [4], [10] show that neither database can achieve a correct detection rate over 90%, and the worst case scenario can be lower than 60%. Some browser-integrated tools, e.g., SpoofGuard [2], itrustpage [11], and Liu et al. [8], [12] adopt approaches other than blacklists. One of these approaches examines the URL of a suspect page to determine if it is a spoofed address. For example, may link to a phishing page that mimics as the target. Some other approaches focus on analyzing a webpage s content, such as the HTML code, text, input fields, forms, links, and images. In the past, the content-based approach, which analyzes the HTML code and text on a webpage, proved effective in detecting phishing pages; however, phishers responded by compiling phishing pages with non-html components, such as images, Flash objects, and Java applets. For example, a phisher may design a fake page which is composed entirely of images, even if the original page only contains text information. In this case, the suspect page becomes unanalyzable by contentbased anti-phishing tools as its HTML code contains nothing but HTML <img/> elements. To address this problem, Fu et al. [3] proposed detecting phishing pages based on the similarity between the phishing and authentic pages at the visual appearance level, instead of rather than using text-based analysis. However, the proposed approach is susceptible to significant changes in the webpage s aspect ratio and colors used. 3 THE PROPOSED SCHEME As phishers may compose visually similar phishing pages in many different ways with non-text HTML elements, such as images and Flash objects, we compute the similarity of the phishing pages and the authentic pages at their presentation Fig. 2. The flow of the proposed phishing detection scheme. We first take a snapshot of a suspect page, and extract its keypoint feature information. Next, the features are matched with the keypoint feature information of protected webpages. The suspect page can then be assessed to determine whether or not it is a phishing page. level. Specifically, we treat phishing page detection as an image matching problem. Figure 2 illustrates the flow of our proposed detection scheme, which involves two steps: 1) image-based page matching, and 2) page classification. In the proposed scheme, we first take a snapshot of a suspect webpage and treat it as an image in the remainder of the detection process. We use the Contrast Context Histogram (CCH) descriptors proposed by Huang et al. [6], [7] to capture the invariant information around discriminative keypoints on the suspect page. The descriptors are then matched with those of the authentic pages of the protected domains, which are stored in a database compiled by users and authoritative organizations, such as the Anti-Phishing Working Group (APWG). The matching of CCH descriptors yields a similarity degree for a suspect page and an authentic page. Finally, we use the similarity degree between two pages to determine whether the suspect page is a counterfeit or not. If the similarity degree between a phishing page and an authentic page is greater than a certain threshold, the suspect page is considered as a phishing page of the authentic page, and considered genuine if it is not a phishing page of any of the authentic pages in the database. 3.1 Contrast Context Histogram (CCH) Image matching techniques have long been used for a long time in the computer vision and image processing fields. To determine whether two images are similar, a common approach involves extracting a vector of salient features from each image, and computing the distance between the vectors,
3 3 (a) (b) Fig. 3. (Left) Keypoints (marked by green crosses) detected in the image. Keypoints are the points in an image that can still be detected easily after changes (e.g., lighting variations) are applied. (Right) The logpolar coordinate system centered on a keypoint. The angle coordinate is divided into 8 levels, and the distance coordinate is divided into 3 levels; we have n = 24 subregions as a result. which is then taken as the degree of visual difference between the two images. The color histogram, which represents the distribution of the colors used in an image, for example, is one of the most widely-used features for image matching. However, we consider it unsuitable for computing the similarity between webpages. The reason is that webpages usually contain fewer colors than paintings; thus, it is not uncommon to find that many webpages have similar color distributions. In other words, the color histogram is not a useful discriminative feature for judging the similarity of webpages. We use the Contrast Context Histogram (CCH) [6], [7] descriptor because of its effectiveness and computational efficiency. Originally, the CCH descriptor was designed to achieve scale- and rotation-invariance in image matching; that is, two images are considered similar even if one of them has been undergone various types of scale- or rotationtransformation. However, such transformations are rarely seen in phishing pages because the pages must be very similar to the corresponding authentic pages in order to deceive unsuspecting users. Thus, we adapt the CCH descriptor to a more lightweight design for webpage comparisons. We call our design the L-CCH descriptor hereafter. To construct L-CCH descriptors for an image, we only use the gray-level information, which we obtain by averaging the red, green, and blue values of each pixel in the image. The Harris-Laplacian corners are then taken as the keypoints of the image. Readers not familiar with the Harris-Laplacian corner may refer to Mikolajczyk and Schmid s work [9] for details. Basically, the corner-detection method finds a number of salient points in an image. A point is considered a keypoint if it can still be detected after the image undergoes various changes, such as shifting, lighting variation, color transformation, or format conversion. Fig. 3 shows an example of the keypoints detected (marked by the green crosses) in an Fig. 4. The L-CCH descriptor with the log-polar coordinate system. (a) The gray-value contrast value between neighboring pixels and the keypoint (the center). (b) The L-CCH descriptor with a 2-tuple contrast vector in each sub-region. image. We use the relative brightness of neighboring pixels to describe a keypoint. By uniformly quantizing the azimuth angle and the distance coordinates, the neighbor region of each keypoint is divided into n non-overlapping sub-regions, where n = 24 in Fig. 4. The advantage of using a log-polar coordinate system is that this system is more sensitive to the image points nearby the center than those points farther away. For each neighboring pixel of a keypoint, we calculate the contrast value, i.e., the difference between the gray levels of the pixel and those of the keypoint. As shown in Fig. 4(a), a sub-region may contain some pixels with positive contrast values (the pink pixels), and some with negative contrast values (the blue pixels). We summarize the information in each sub-region by averaging the positive and negative contrast values respectively; therefore each sub-region can be described by a 2-tuple contrast vector, as shown in Fig. 4(b). We then concatenate the contrast vectors of all sub-regions to form a 2n-dimensional vector and define it as the L-CCH descriptor, where n is the number of sub-regions. Finally, to make the L-CCH descriptor invariant to linear lighting changes, we normalize it to a unit-length vector. Having obtained the L-CCH descriptor for each keypoint, we can quantify the similarity between two keypoints based on the Euclidean distance between their descriptors. A short Euclidean distance indicates that the keypoints are similar in terms of neighboring information. Based on this property, we find the most similar keypoint on a suspect webpage for each keypoint, K, on the authentic webpage by the following steps: First, we search for the two keypoints, A and B, on the suspect page that have the shortest and the second-shortest Euclidean distances from the keypoint, K, on the authentic page. Second, we consider K and A as a successful match if the ratio between the distance from K to A and the distance from K to B is smaller than a certain threshold (set to 0.6 in our experiments); otherwise, we consider that the keypoint K has no corresponding keypoints on the suspect page. An example of image correspondence found by the L-CCH descriptor is shown in Fig. 5, where a line connecting two keypoints means that a match exists between the images.
4 4 TABLE 1 The Top 5 Phishing Target Sites Sites Number of Records CR FNR FPR ebay % PayPal % Marshall & Ilsley Bank % Charter One Bank % Bank of America % 2.0% 2.1% Total Number of Phishing Target Pages: 300 pages in 74 sites. CR: Correct Rate; FNR: False Negative Rate; FPR: False Positive Rate Fig. 5. Sample result of image matching using the L-CCH descriptor. Fig. 7. Matching two pages from different sites. In this case, there are too few matched keypoints required to perform clustering. 3.2 Page Similarity Degree To determine whether a suspect webpage is a phishing webpage, we evaluate its similarity to the potential target based on CCH descriptors. Ideally, the number of successful matches found by descriptors should indicate the degree of similarity between the two pages. However, this is not always true in the cases of webpage comparison. Two webpages may have a number of keypoint matches not because they look similar, but simply because they contain the same logo, e.g., the logo of VeriSign, Inc., a well-known identity protection service provider. Therefore, to judge the similarity of two webpages, we need to consider not only the number, but also the spatial distribution, i.e., the locations, of the matched keypoints. To take the location of matched keypoints into account, we use the k-means algorithm [5] to divide them into a number of coherent groups based on their spatial distributions. The algorithm ensures that the keypoints in a group are always in a neighboring region. Figure 6 shows the clustering result of the official ebay webpage (left-hand side) and a phishing ebay page (right-hand side), where k = 4 groups are circled using different colors. Based on the results, we match groups of keypoints between the two webpages by voting; that is, for a group of keypoints, A, on the authentic page, a group of keypoints, B, on the suspect page will be considered as A s mapping if most of the keypoints in A match keypoints in B. We then define a keypoint as geographically matched if its group is a mapping of its corresponding keypoint s group. In cases where two pages are dissimilar, the number of matched points will be small so that the clustering cannot even be performed. For example, Fig. 7 shows the matching result of pages from different sites. Although a few of match, none of them are considered geographically matched as no clusters are found. Given the geographical matching information, we define the similarity degree between two webpages by the ratio of geographically matched keypoints to all the identified keypoints on the two pages. As phishing pages are similar to the authentic pages they try to mimic, we use the similarity degree between a suspect webpage and the authentic page to determine whether the suspect is indeed a counterfeit, which is normally designed to steal users sensitive information. 4 P ERFORMANCE E VALUATION According to a survey conducted by Secure Computing [1], more than half the phishing attacks in 2007 were targeted famous websites, such as ebay, a popular online auction service, and PayPal, a popular online billing service. For this reason, we collected a number of real-life phishing webpages that targeted the top 5 phishing targets, namely ebay, PayPal, Marshall and Ilsley Bank, Charter One Bank, and Bank of America. In addition, we collected 300 webpages of wellknown online bank and auction services, which are often targeted in phishing attacks in order to observe the distribution of 1) the similarity degree between a phishing page and its corresponding authentic page, and 2) the similarity between two unrelated webpages. We find that the former is normally a small value around zero, while the latter is normally a large value around one. Based on our observations, we empirically set the threshold to 0.6 and determine that a suspect page is a phishing page if its similarity degree is higher than this threshold. The evaluation results listed in Table 1 show that our scheme achieves a high degree of accuracy that ranges between 95% and 98%; moreover, the error rates, i.e., the false positive rate and false negative rate, are much lower than 1% in most cases. Case Studies In the following, we explain how our detection scheme works in real-life cases. Although phishers endeavor to make phishing pages indistinguishable from the authentic pages to deceive users, they usually make some modifications to evade phishing detection techniques. In our first case, which is a typical example, the phishers add an advertisement banner to the phishing page to slightly alter the layout. The change
5 5 Fig. 6. Clustering and matching of ebay s official page and a phishing page. Different clusters are circled in different colors. Fig. 8. Case study: the login page and a phishing page of Bank of America may not be noticed by unwary users, but it may make antiphishing tools less effective. Figure 8 shows the authentic Bank of America login page on the left-hand side, and a phishing page with an advertisement banner inserted on the right-hand side. Because the change is minor and Internet users are accustomed to advertisements on webpages, the inserted banner may go unnoticed by users. Even so, the banner changes the aspect ratio of the page and adds a great deal of red to the image, which will reduce the detection ability of anti-phishing solutions based on color distributions and page layout. In contrast, the effectiveness of our scheme is not degraded because it is based on local discriminative keypoints, which are invariant to changes in image layout and color distribution, the banner insertion does not affect the effectiveness of our scheme. It is worth noting that such banners not only help phishers evade anti-phishing solutions, but also make money for the phishers every time a banner is displayed on a user s computer. Our second case demonstrates another common phishing strategy whereby phishers alter the input form by adding or removing fields. For example, in the Bank of American case shown in Fig. 8, the phishers added an additional Enter Passcode field to the phishing page. As a result, unwitting users may provide sensitive information without realizing that such information is not requested on the authentic page. In other cases, phishers add fields that ask for more private data from users, such as credit card numbers and social security numbers. It is difficult for most users to detect that these modifications are fake because people do not usually remember exactly what fields should appear on an input form.
6 6 Once again, this case demonstrates the efficacy of our scheme. Even though both the advertisement banner and the additional field alter the page layout and aspect ratio, our CCH descriptor still yields a near perfect matching between the keypoints of the phishing and authentic pages. The above examples demonstrate how phishers can alter the design of an authentic webpage to deceive unwary users. Nevertheless, to ensure that phishing pages are similar to the authentic pages, most of the main elements of the original page must to be preserved. Our scheme is capable of detecting the similarity between fake pages and the original pages regardless of the types of changes. 5 CONCLUSION Phishing has become a major threat to information security and personal privacy, and many people have been cheated out of vast sums of money as a consequence. As phishing pages often look almost identical to their target pages, many anti-phishing solutions, such as content analysis and HTML code analysis, rely on this property to detect fake webpages. However, phishers are now countering these detection techniques by composing phishing pages with non-analyzable elements, such as images and Flash objects, even though the pages still look like the authentic pages. To address this problem, we propose an image-based phishing detection scheme that uses the Contrast Context Histogram, a descriptor for describing localinvariant discriminative keypoints. The results of evaluations and case studies show that our scheme can detect phishing pages with a high degree of accuracy and only a few false alarms. Moreover, as our scheme is purely based on passive monitoring of web pages that users browse, it is orthogonal to other solutions and therefore can be freely integrated with existing prevention and detection schemes to fight phishing together. [5] J. Han and M. Kamber, Data Mining: Concepts and Techniques (The Morgan Kaufmann Series in Data Management Systems). Morgan Kaufmann, September [6] C.-R. Huang, C.-S. Chen, and P.-C. Chung, Contrast context histogram - a discriminating local descriptor for image matching, in ICPR (4). IEEE Computer Society, 2006, pp [7], Contrast context histogram an efficient discriminating local descriptor for object recognition and image matching, Pattern Recognition, vol. 41, no. 10, pp , [Online]. Available: [8] W. Liu, X. Deng, G. Huang, and A. Y. Fu, An antiphishing strategy based on visual similarity assessment, IEEE Internet Computing, vol. 10, no. 2, pp , [9] K. Mikolajczyk and C. Schmid, Indexing based on scale invariant interest points, in Proc. of the Int. Conf. on Computer Vision, vol. 1, 2001, pp [10] P. Robichaux and D. L. Ganger, Gone phishing: Evaluating anti-phishing tools for windows, September 2006, [11] T. Ronda, S. Saroiu, and A. Wolman, itrustpage: A user-assisted antiphishing tool, the Proceedings of the ACM European Conference on Computer Systems (EuroSys), April [12] L. Wenyin, G. Huang, L. Xiaoyue, Z. Min, and X. Deng, Detection of phishing webpages based on visual similarity, in WWW (Special interest tracks and posters), A. Ellis and T. Hagino, Eds. ACM, 2005, pp ACKNOWLEDGEMENT This work was supported in part by Taiwan Information Security Center (TWISC), National Science Council under the grants NSC E and NSC E It was also supported in part by Taiwan E-learning and Digital Archives Programs (TELDAP) sponsored by the National Science Council of Taiwan under the grants NSC and NSC REFERENCES [1] Phishing statistics, Secure Computing, 2007, [2] N. Chou, R. Ledesma, Y. Teraguchi, and J. C. Mitchell, Client-side defense against web-based identity theft, in NDSS. The Internet Society, [3] A. Y. Fu, L. Wenyin, and X. Deng, Detecting phishing web pages with visual similarity assessment based on earth mover s distance (EMD), IEEE Trans. on Dependable and Secure Computing, vol. 3, no. 4, pp , [4] B. M. Hämmerli and R. Sommer, Eds., Detection of Intrusions and Malware, and Vulnerability Assessment, 4th International Conference, DIMVA 2007, Lucerne, Switzerland, July 12-13, 2007, Proceedings, ser. Lecture Notes in Computer Science, vol Springer, 2007.
Phishing Activity Trends
Phishing Activity Trends Report for the Month of September, 2007 Summarization of September Report Findings The total number of unique phishing reports submitted to APWG in September 2007 was 38,514, an
More informationHow to prevent phishing attacks? In 3 Pages. Author: Soroush Dalili irsdl {4t[ yahoo }d0t] com Website: Soroush.SecProject.
How to prevent phishing attacks? In 3 Pages Author: Soroush Dalili Email: irsdl {4t[ yahoo }d0t] com Website: Soroush.SecProject.Com March 2009 How to prevent phishing attacks? 1. Introduction Phishing
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received rose to 24,853 in, an increase of over 1, from February but still more than
More informationCE Advanced Network Security Phishing I
CE 817 - Advanced Network Security Phishing I Lecture 15 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained
More informationPhishing Activity Trends Report August, 2005
Phishing Activity Trends Report August, 25 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial
More informationPhishing Activity Trends Report August, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More informationA new method of comparing webpages
A new method of comparing webpages Hao Jiang, CS657 Fall, 2013 Abstract Webpage comparison compare the similarity of two webpages. It can be useful in areas such as distinguishing phishing website and
More informationTrain employees to avoid inadvertent cyber security breaches
Train employees to avoid inadvertent cyber security breaches TRAIN EMPLOYEES TO AVOID INADVERTENT CYBER SECURITY BREACHES PAGE 2 How much do you know about cyber security? Small business owners often lack
More informationFAQ. Usually appear to be sent from official address
FAQ 1. What is Phishing Email? A form of fraud by which an attacker masquerades as a reputable entity in order to obtain your personal information. Usually appear to be sent from official email address
More informationPhishFighter: A Hybrid Anti-Phishing Plug-in
PhishFighter: A Hybrid Anti-Phishing Plug-in 1 Beena Kurian, 2 Jasmine Jolly, 3 Beena M V 1 M-Tech Student, 2 M-Tech Student, 3 Professor 1 Department of Computer Science & Engineering, 1 Vidya Academy
More informationELECTRONIC BANKING & ONLINE AUTHENTICATION
ELECTRONIC BANKING & ONLINE AUTHENTICATION How Internet fraudsters are trying to trick you What you can do to stop them How multi-factor authentication and other new techniques can help HELPING YOU STAY
More information06CS051. Server Side Support for SiteWatcher, an Antiphishing Software
Department of Computer Science BSCCS/BSCS Final Year Project Report 2006 2007 06CS051 Server Side Support for SiteWatcher, an Antiphishing Software (Volume 1 of 1 ) Student Name : Man Kin Pong Student
More informationAnti-Phishing Working Group
Phishing Attack Trends Report April, 2004 Phishing attacks use spoofed e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of June, 2007 Summarization of June Report Findings In the June 2007 report the APWG introduces a brand-domain pairs measurement (page 4) which combines the
More informationAnti-Phishing Security Strategy
Anti-Phishing Security Strategy Angelo P. E. Rosiello angelo@rosiello.org Who am I? Angelo P. E. Rosiello received the B.S. and M.S. degrees in Computer Science Engineering cum laude from Politecnico di
More informationA Lightweight Framework for Detection and Resolution for Phishing, Pharming and Spoofing
A Lightweight Framework for Detection and Resolution for Phishing, Pharming and Email Spoofing Pooja Modi 1, Hardik Upadhyay 2, Ketan Modi 3, Krunal Suthar 4 ME Student, Department of Computer Engineering,
More informationCustom Plugin A Solution to Phishing and Pharming Attacks
Custom Plugin A Solution to Phishing and Pharming Attacks Omer Mahmood School of Information Technology Charles Darwin University Darwin, NT, Australia Abstract - This paper proposes a new method to detect,
More informationPhishEye: Live Monitoring of Sandboxed Phishing Kits. Xiao Han Nizar Kheir Davide Balzarotti
PhishEye: Live Monitoring of Sandboxed Phishing Kits Xiao Han Nizar Kheir Davide Balzarotti Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd
More informationA REVIEW PAPER ON PHISHING A GROWING SCAM
http:// A REVIEW PAPER ON PHISHING A GROWING SCAM 1 Md Rashid Hussain, 2 Garima Srivastava 1 Associate Professor, ABESIT Ghaziabad, (India) 2 B.Tech Scholar, ABESIT Ghaziabad, (India) ABSTRACT Phishing
More informationPhishing Activity Trends Report October, 2004
Phishing Activity Trends Report October, 2004 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into divulging
More informationPhishing Read Behind The Lines
Phishing Read Behind The Lines Veljko Pejović veljko@cs.ucsb.edu What is Phishing? "Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and
More informationThe Highly Insidious Extreme Phishing Attacks
The Highly Insidious Extreme Phishing Attacks Rui Zhao, Samantha John, Stacy Karas, Cara Bussell, Jennifer Roberts, Daniel Six, Brandon Gavett, and Chuan Yue Colorado School of Mines, Golden, CO 80401
More informationDoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations
//FOUO DoD Spear-Phishing Awareness Training Joint Task Force - Global Network Operations Updated: 16 NOV 2006 //FOUO Objective Inform and increase the awareness of all Department of Defense personnel
More informationAN ANTI-SPOOFING TOOL: SPOOFGUARD++
AN ANTI-SPOOFING TOOL: SPOOFGUARD++ A dissertation submitted to The University of Manchester for the degree of MSc in Advance Computer Science in the Faculty of Engineering and Physical Sciences 2011 MOHAMMED
More informationSecurity and Privacy
E-mail Security and Privacy Department of Computer Science Montclair State University Course : CMPT 320 Internet/Intranet Security Semester : Fall 2008 Student Instructor : Alex Chen : Dr. Stefan Robila
More informationUsability Testbed for Website Authentication Technologies
Usability Testbed for Website Authentication Technologies Maritza Johnson, Chaitanya Atreya, Adam Aviv, Mariana Raykova, Bryan Gwin, and Steve Bellovin 1 Financial Services Technology Consortium: Authenticating
More informationHow to recognize phishing s
Phishing email messages, websites, and phone calls are designed to steal money, steal data and/or destroy information. Cybercriminals can do this by installing malicious software on your computer or stealing
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of July, 2007 Summarization of July Report Findings For the first time recorded by the APWG, China has surpassed the United States as the country hosting the
More informationDesigning a Software that Detect and Block Phishing Attacks
Designing a Software that Detect and Block Phishing Attacks 1 Priyanka R. Raut, 2 Samiksha Bharne Abstract Phishing is a significant security threat to the Internet, which causes tremendous economic lost
More informationColor Content Based Image Classification
Color Content Based Image Classification Szabolcs Sergyán Budapest Tech sergyan.szabolcs@nik.bmf.hu Abstract: In content based image retrieval systems the most efficient and simple searches are the color
More informationSSAC Public Meeting Paris. 24 June 2008
SSAC Public Meeting Paris 1 in Phishing Attacks 2 What is? A phishing attack The attacker impersonates a registrar The phish emails are sent to The registrar's customers (bulk) A particular, targeted customer
More informationThe Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015
The Cost of Phishing Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 Executive Summary.... 3 The Costs... 4 How To Estimate the Cost of an Attack.... 5 Table
More informationDetecting Printed and Handwritten Partial Copies of Line Drawings Embedded in Complex Backgrounds
9 1th International Conference on Document Analysis and Recognition Detecting Printed and Handwritten Partial Copies of Line Drawings Embedded in Complex Backgrounds Weihan Sun, Koichi Kise Graduate School
More informationPROTECTING YOUR BUSINESS ASSETS
PROTECTING YOUR BUSINESS ASSETS How to Spot Danger Before Your Computer Gets Infected, Your Site Hosts Malware, and Your Credit Card Number Gets Stolen A MyNAMS Presentation by Regina Smola @2012 Regina
More informationEvolution of Spear Phishing. White Paper
Evolution of Spear Phishing White Paper Executive Summary Phishing is a well-known security threat, but few people understand the difference between phishing and spear phishing. Spear phishing is the latest
More informationAnti-Phishing Method for Detecting Suspicious URLs in Twitter
Anti-Phishing Method for Detecting Suspicious URLs in Twitter Salu Sudhakar 1, Narasimhan T 2 P.G. Scholar, Dept of Computer Science, Mohandas College of engineering and technology Anad, TVM 1 Assistant
More informationA NEW FEATURE BASED IMAGE REGISTRATION ALGORITHM INTRODUCTION
A NEW FEATURE BASED IMAGE REGISTRATION ALGORITHM Karthik Krish Stuart Heinrich Wesley E. Snyder Halil Cakir Siamak Khorram North Carolina State University Raleigh, 27695 kkrish@ncsu.edu sbheinri@ncsu.edu
More informationClient-side defenses against web-based identity theft
Client-side defenses against web-based identity theft Students: Robert Ledesma, Blake Ross, Yuka Teraguchi Faculty: Dan Boneh and John Mitchell Stanford University PORTIA Project 1 Phishing Attack Spam
More informationRobust Defenses for Cross-Site Request Forgery
University of Cyprus Department of Computer Science Advanced Security Topics Robust Defenses for Cross-Site Request Forgery Name: Elena Prodromou Instructor: Dr. Elias Athanasopoulos Authors: Adam Barth,
More informationUsable Security: Phishing
Usable Security: Phishing Dr. Kirstie Hawkey Content from: - Teaching Usable Privacy and Security: A guide for instructors (http:// cups.cs.cmu.edu/course-guide/) - some slides/content from Dr. Lorrie
More informationPhishing. Spoofed s
Phishing Spoofed emails 1 A Few Headlines 11.9 million Americans clicked on a phishing email in 2005 Gartner estimates that the total financial losses attributable to phishing will total $2.8 bln in 2006
More informationPhishing Activity Trends Report January, 2005
Phishing Activity Trends Report January, 2005 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent web sites which attempt to trick them into divulging
More informationFighting Spam, Phishing and Malware With Recurrent Pattern Detection
Fighting Spam, Phishing and Malware With Recurrent Pattern Detection White Paper September 2017 www.cyren.com 1 White Paper September 2017 Fighting Spam, Phishing and Malware With Recurrent Pattern Detection
More informationEE368 Project Report CD Cover Recognition Using Modified SIFT Algorithm
EE368 Project Report CD Cover Recognition Using Modified SIFT Algorithm Group 1: Mina A. Makar Stanford University mamakar@stanford.edu Abstract In this report, we investigate the application of the Scale-Invariant
More informationPhishing: When is the Enemy
Phishing: When E-mail is the Enemy Phishing, once only a consumer worry, is creating headaches for e-mail administrators as businesses become the next target. CONTENTS Understanding the Enemy 2 Three Things
More informationRobust Defenses for Cross-Site Request Forgery Review
Robust Defenses for Cross-Site Request Forgery Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic
More informationCHAPTER 5 URL ANALYSIS
112 CHAPTER 5 URL ANALYSIS 5.1 INTRODUCTION The Web has become a platform for supporting a wide range of criminal enterprises such as spam-advertised commerce, financial fraud and as a vector for propagating
More informationTarget Breach Overview
Target Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more specifics? A: Yes, Target has confirmed that it experienced unauthorized access to its systems
More informationPHONEY: Mimicking User Response to Detect Phishing Attacks
PHONEY: Mimicking User to Detect Phishing Attacks Madhusudhanan Chandrasekaran Ramkumar Chinchani Shambhu Upadhyaya Department of Computer Science and Engineering University at Buffalo 201, Bell Hall,
More informationIntroduction. Logging in. WebMail User Guide
Introduction modusmail s WebMail allows you to access and manage your email, quarantine contents and your mailbox settings through the Internet. This user guide will walk you through each of the tasks
More informationDetecting Malicious Web Links and Identifying Their Attack Types
Detecting Malicious Web Links and Identifying Their Attack Types Anti-Spam Team Cellopoint July 3, 2013 Introduction References A great effort has been directed towards detection of malicious URLs Blacklisting
More informationOnline (in)security: The current threat landscape Nikolaos Tsalis
Online (in)security: The current threat landscape Nikolaos Tsalis November 2015 Online (in)security: The current threat landscape Nikolaos Tsalis (ntsalis@aueb.gr) Information Security & Critical Infrastructure
More informationHash-based password authentication protocol against phishing and pharming attacks
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING XX, XXX-XXX (201X) Hash-based password authentication protocol against phishing and pharming attacks IKSU KIM 1, YONGYUN CHO 2 1 School of Computer Science
More informationSecurity & Phishing
Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?
More informationPhishing Attacks. Mendel Rosenblum. CS142 Lecture Notes - Phishing Attack
Phishing Attacks Mendel Rosenblum Phishing Basic idea: Get unsuspecting users to visit an evil Web site Convince them that the evil Web site is actually a legitimate site (such as a bank or PayPal) Trick
More informationThe Rise of Phishing. Dave Brunswick Tumbleweed Communications Anti-Phishing Working Group
The Rise of Phishing Dave Brunswick Tumbleweed Communications Anti-Phishing Working Group 2 The Anti-Phishing Working Group Industry association focused on eliminating identity theft and fraud from the
More informationPhishing Attack Prevention using Site Privileges
IJIRST International Journal for Innovative Research in Science & Technology Volume 1 Issue 11 April 2015 ISSN (online): 2349-6010 Phishing Attack Prevention using Site Privileges Ramesh R Department of
More informationQuick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page
Workshop #7 Email Security Previous workshops 1. Introduction 2. Smart phones & Tablets 3. All about WatsApp 4. More on WatsApp 5. Surfing the Internet 6. Emailing Quick recap on Emailing Email Security
More informationCOMMON WAYS IDENTITY THEFT CAN HAPPEN:
COMMON WAYS IDENTITY THEFT CAN HAPPEN: OLD FASHIONED STEALING / DUMPSTER DIVING Thieves typically steal wallets and purses. They also steal mail such as credit card and bank statements, pre-approved credit
More information3.5 SECURITY. How can you reduce the risk of getting a virus?
3.5 SECURITY 3.5.4 MALWARE WHAT IS MALWARE? Malware, short for malicious software, is any software used to disrupt the computer s operation, gather sensitive information without your knowledge, or gain
More informationConspicuous Character Patterns
Conspicuous Character Patterns Seiichi Uchida Kyushu Univ., Japan Ryoji Hattori Masakazu Iwamura Kyushu Univ., Japan Osaka Pref. Univ., Japan Koichi Kise Osaka Pref. Univ., Japan Shinichiro Omachi Tohoku
More informationA STUDY OF TWO-FACTOR AUTHENTICATION AGAINST ON-LINE IDENTITY THEFT
A STUDY OF TWO-FACTOR AUTHENTICATION AGAINST ON-LINE IDENTITY THEFT Seungjae Shin, Mississippi State University, 1000 HWY 19N Meridian MS 39307, sshin@meridian.msstate.edu, (601)484-0160 Jerry Cunningham,
More informationAssessing the Gap: Measure the Impact of Phishing on an Organization
Annual ADFSL Conference on Digital Forensics, Security and Law 2016 May 26th, 9:00 AM Assessing the Gap: Measure the Impact of Phishing on an Organization Brad Wardman PayPal Inc., brad.wardman@yahoo.com
More informationPhishing: Don t Phall Phor It Part 1
Phishing: Don t Phall Phor It Part 1 Software Training Services Welcome to Part 1 of the online course: Phishing: Don t Fall for it! 1 Objectives Definition of Phishing State of Phishing Today Recognizing
More informationAUTHENTICATION AND LOOKUP FOR NETWORK SERVICES
Vol.5, No.1, pp. 81-90, 2014 doi: 10.7903/ijecs.1040 AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES Daniel J. Buehrer National Chung Cheng University 168 University Rd., Min-Hsiung Township, Chiayi County,
More informationIdentity Theft, Fraud & You. PrePare. Protect. Prevent.
PrePare. Protect. Prevent. Identity Theft, Fraud & You Fraud and identity theft incidents claimed fewer victims in 2010 than in previous years. But don t get too comfortable. Average out-of-pocket consumer
More informationPHISHING FILTERING MECHANISM USING HEURISTIC TECHNIQUE. Introduction
PHISHING E-MAIL FILTERING MECHANISM USING HEURISTIC TECHNIQUE M.K.P.Madushanka and AL.Hanees Department of Mathematical Sciences, Faculty of Applied Sciences South Eastern University of Sri Lanka Abstract
More informationWebroot Phishing Threat Trends
December 2016 Webroot Phishing Threat Trends An update to the 2016 Threat Brief Introduction Who would ever fall for that? That s what many people think when they see a phishing attempt, since less advanced
More informationEBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.
EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have
More informationReview of Phishing Detection Techniques
Review of Phishing Detection Techniques Swati Gaikwad Computer Engineering, DACOE, Pune, India. swatigaikwad0385@gmail.com Abstract Nowadays phishing attacks are increasing with burgeoning rate which is
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com KASPERSKY FRAUD PREVENTION 1. Ways of Attacking Online Banking The prime motive behind cybercrime is making money and today s sophisticated criminal
More informationWebomania Solutions Pvt. Ltd. 2017
The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.
More informationJPCERT/CC Incident Handling Report [January 1, March 31, 2018]
JPCERT-IR-2018-01 Issued: 2018-04-12 JPCERT/CC Incident Handling Report [January 1, 2018 - March 31, 2018] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationComment Extraction from Blog Posts and Its Applications to Opinion Mining
Comment Extraction from Blog Posts and Its Applications to Opinion Mining Huan-An Kao, Hsin-Hsi Chen Department of Computer Science and Information Engineering National Taiwan University, Taipei, Taiwan
More informationIT Security Protecting Ourselves From Phishing Attempts. Ray Copeland Chief Information Officer (CIO)
IT Security Protecting Ourselves From Phishing Attempts Ray Copeland Chief Information Officer (CIO) Phishing Defined The fraudulent practice of sending emails claiming to be from reputable people or companies
More informationTrustwave SEG Cloud BEC Fraud Detection Basics
.trust Trustwave SEG Cloud BEC Fraud Detection Basics Table of Contents About This Document 1 1 Background 2 2 Configuring Trustwave SEG Cloud for BEC Fraud Detection 5 2.1 Enable the Block Business Email
More informationProtecting from Attack in Office 365
A hacker only needs one person to click on their fraudulent link to access credit card, debit card and Social Security numbers, names, addresses, proprietary information and other sensitive data. Protecting
More informationCorrelation and Phishing
A Trend Micro Research Paper Email Correlation and Phishing How Big Data Analytics Identifies Malicious Messages RungChi Chen Contents Introduction... 3 Phishing in 2013... 3 The State of Email Authentication...
More informationHow Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong
How Enterprise Tackles Phishing Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong Hackers turning to easy marks - Social engineering Phishing was the #1 threat vector (> 50%) for Office
More informationMobiFish: A Lightweight Anti-Phishing Scheme for Mobile Phones
MobiFish: A Lightweight Anti-Phishing Scheme for Mobile Phones Longfei Wu, Xiaojiang Du, and Jie Wu Dept. of Computer and Information Science Temple University Philadelphia, Pennsylvania 19122 {longfei.wu,
More informationContent Based Image Retrieval Using Color Quantizes, EDBTC and LBP Features
Content Based Image Retrieval Using Color Quantizes, EDBTC and LBP Features 1 Kum Sharanamma, 2 Krishnapriya Sharma 1,2 SIR MVIT Abstract- To describe the image features the Local binary pattern (LBP)
More informationThe 2011 IDN Homograph Attack Mitigation Survey
Edith Cowan University Research Online ECU Publications 2012 2012 The 2011 IDN Homograph Attack Survey Peter Hannay Edith Cowan University Gregory Baatard Edith Cowan University This article was originally
More informationInternational Journal of Scientific & Engineering Research, Volume 4, Issue 7, July ISSN
International Journal of Scientific & Engineering Research, Volume 4, Issue 7, July-2013 1492 An Anti-phishing Strategy Based On Webpage Structuring Rosali Pujapanda 1, Monalisha Parida 2, Ashis Kumar
More information(Botnets and Malware) The Zbot attack. Group 7: Andrew Mishoe David Colvin Hubert Liu George Chen John Marshall Buck Scharfnorth
(Botnets and Malware) The Zbot attack Group 7: Andrew Mishoe David Colvin Hubert Liu George Chen John Marshall Buck Scharfnorth What Happened? Type of Attack Botnet - refers to group of compromised computers
More informationSiteAdvisor Enterprise
SiteAdvisor Enterprise What Is SAE?... 2 Safety icons show threats while searching... 2 View site report while searching... 2 SiteAdvisor Enterprise button shows threats while browsing... 3 Access SiteAdvisor
More informationIntroduction. Logging in. WebQuarantine User Guide
Introduction modusgate s WebQuarantine is a web application that allows you to access and manage your email quarantine. This user guide walks you through the tasks of managing your emails using the WebQuarantine
More informationATTACHMENTS, INSERTS, AND LINKS...
Conventions used in this document: Keyboard keys that must be pressed will be shown as Enter or Ctrl. Objects to be clicked on with the mouse will be shown as Icon or. Cross Reference Links will be shown
More informationPanda Security 2010 Page 1
Panda Security 2010 Page 1 Executive Summary The malware economy is flourishing and affecting both consumers and businesses of all sizes. The reality is that cybercrime is growing exponentially in frequency
More informationCopyright 2018 Trend Micro Incorporated. All rights reserved.
Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent
More informationSecond International Barometer of Security in SMBs
1 2 Contents 1. Introduction. 3 2. Methodology.... 5 3. Details of the companies surveyed 6 4. Companies with security systems 10 5. Companies without security systems. 15 6. Infections and Internet threats.
More informationTechniques for detecting zero day phishing websites
Graduate Theses and Dissertations Graduate College 2009 Techniques for detecting zero day phishing websites Michael Blasi Iowa State University Follow this and additional works at: http://lib.dr.iastate.edu/etd
More informationElementary Computing CSC 100. M. Cheng, Computer Science
Elementary Computing CSC 100 1 Internet (2) TCP/IP and IP Addresses Hostnames and Domain Name System Internet Services Client/Server and Peer- 2- Peer Applications SPAMs & Phishing, Worms, Viruses & Trojans
More informationCountermeasure for the Protection of Face Recognition Systems Against Mask Attacks
Countermeasure for the Protection of Face Recognition Systems Against Mask Attacks Neslihan Kose, Jean-Luc Dugelay Multimedia Department EURECOM Sophia-Antipolis, France {neslihan.kose, jean-luc.dugelay}@eurecom.fr
More informationIntroduction to
Introduction to Email gcflearnfree.org/print/email101/introduction-to-email Introduction Do you ever feel like the only person who doesn't use email? You don't have to feel left out. If you're just getting
More informationPhishing Websites Classification using Hybrid SVM and KNN Approach
Phishing Websites Classification using Hybrid SVM and KNN Approach Altyeb Altaher Faculty of Computing and Information Technology in Rabigh, King Abdulaziz University, Jeddah, Saudi Arabia Abstract Phishing
More informationPEOPLE CENTRIC SECURITY THE NEW
PEOPLE CENTRIC SECURITY THE NEW PARADIGM IN CYBERSECURITY David Karlsson SE Nordics March 2018 1 2018 Proofpoint, Inc. Proofpoint at a Glance LEADING CUSTOMERS DEEP SECURITY DNA UNIQUE VISIBILITY PARTNERS
More informationFighting Phishing I: Get phish or die tryin.
Fighting Phishing I: Get phish or die tryin. Micah Nelson and Max Hyppolite bit.ly/nercomp_sap918 Please, don t forget to submit your feedback for today s session at the above URL. If you use social media
More informationHow Facebook knows exactly what turns you on
How Facebook knows exactly what turns you on We have developed our anti tracking system to combat a culture of user data collection which, we believe, has gone too far. These systems operate hidden from
More informationDo not open attachments on s that you are not sure of.
Avoid free online offers of programs to rid your hard drive of viruses and shred your history completely. It will probably install spyware or infect your hard drive. Do not open attachments on emails that
More informationCS 4495 Computer Vision A. Bobick. CS 4495 Computer Vision. Features 2 SIFT descriptor. Aaron Bobick School of Interactive Computing
CS 4495 Computer Vision Features 2 SIFT descriptor Aaron Bobick School of Interactive Computing Administrivia PS 3: Out due Oct 6 th. Features recap: Goal is to find corresponding locations in two images.
More information