2011
DOI: 10.1007/s13278-011-0031-y
|View full text |Cite
|
Sign up to set email alerts
|

Profiling phishing activity based on hyperlinks extracted from phishing emails

Abstract: Phishing activity has recently been focused on social networking sites as a more effective way of exploiting not only the technology but also the trust that may exist between members in a social network. In this paper, a novel method for profiling phishing activity from an analysis of phishing emails is proposed. Profiling is useful in determining the activity of an individual or a particular group of phishers. Work in the area of phishing is usually aimed at detection of phishing emails. In this paper, we con… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
11
0

Year Published

2012
2012
2020
2020

Publication Types

Select...
5
2

Relationship

0
7

Authors

Journals

citations
Cited by 15 publications
(11 citation statements)
references
References 18 publications
0
11
0
Order By: Relevance
“…However, the user is tricked because the link directs him/her to the website following the ampersand symbol, which is a phishing website. [13] [18] In the following format <userinfo>@<host>, the browser will link to the <host> site and ignore the <userinfo>. That is, it is checked if the syntax of the URL is 'http(s)://username.password@domain_name or http://www.sbi.account.com@example.net/ Prior to the ampersand symbol is the user information, and following the ampersand symbol is the domain name to retrieve a webpage.…”
Section: Country-code Validationmentioning
confidence: 99%
See 1 more Smart Citation
“…However, the user is tricked because the link directs him/her to the website following the ampersand symbol, which is a phishing website. [13] [18] In the following format <userinfo>@<host>, the browser will link to the <host> site and ignore the <userinfo>. That is, it is checked if the syntax of the URL is 'http(s)://username.password@domain_name or http://www.sbi.account.com@example.net/ Prior to the ampersand symbol is the user information, and following the ampersand symbol is the domain name to retrieve a webpage.…”
Section: Country-code Validationmentioning
confidence: 99%
“…For Instancehttp://paypal-update.com sounds legitimate but it is phished URL, redirecting spoofed website but the genuine is https://paypal.com. [13] [18] Hexadecimal in URL: If an IP address is used as an alternative of the domain name in the URL, such as "http://125.94.5.140/phishi.html", users can be sure that someone is trying to steal their personal information. the IP address is also converted in hexadecimal code as shown in the following linkhttp://0x58.0xCC.0xCA.0x62/2/paypal.ca/index.html or in ASCII code to confuse the user and redirect to phishing site [18].…”
Section: Country-code Validationmentioning
confidence: 99%
“…These Heuristic are associated with Suspicious URL forms or patterns and symbols, The Characters such as "@" and more than one time "//" rarely appear in a URL. 23,24 The legitimate sites have one TLD so if URL containing more than one considered as phishing site. Phishing sites have very less life-time as get block listed.…”
Section: Suspicious Url Forms or Patternsmentioning
confidence: 99%
“…Fake Login form in a phishing page is a dangerous sign of loss money or sensitive information as listed in Table 1. 13,14,16,[23][24][25][26][27][28][29][30][31][32][33][34][35][36]…”
Section: Suspicious Url Forms or Patternsmentioning
confidence: 99%
“…Both these filters have high misclassification rates. AbuNimeh et al [11] [23] obtained profiles of phishing activity by solving the problem using a multi-class classification problem utilizing features extracted from URLs in the emails. This study is closely related to Bergholz et al [16,17], in the sense that, we use topic model PLSA (as compared to CLTOM) for phishing detection.…”
Section: Server Side Filters and Classifiersmentioning
confidence: 99%