Scaling and Effectiveness of Email Masquerade Attacks

Baki, Shahryar; Verma, Rakesh M.; Mukherjee, Arjun; Gnawali, Omprakash

doi:10.1145/3052973.3053037

Cited by 29 publications

(32 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…NLG is a challenging research area in which the goal is to generate coherent, human-like text. The Dada engine [11] has been previously used to construct short masquerade emails [5] as well as academic papers on postmodernism [10]. It is a text generation tool based on the recursive transition network (RTN).…”

Section: Natural Language Generation and Dadamentioning

confidence: 99%

“…Some of the offers had this sentence "we found your resume on Monster.com," so some participants mentioned why the offer should be sent through LinkedIn while they found the resume on Monster. 5 (3) Some mentioned that the profile picture is unprofessional or has low quality.…”

Section: Practical Issuesmentioning

confidence: 99%

“…In this paper, we use RTN (a semi automatic text generation technique) to generate phishing emails. The effectiveness of RTN in email masquerade attack has been studied in [5], but here we use it for generating company representative offers which are much longer and more complex. Although RTN requires some human interactions to generate the grammars, it showed promising results and users were not able to distinguish them from human generated email.…”

Section: Defense Mechanismmentioning

confidence: 99%

“…We also consider semi-automatic generation of such attacks using natural language generation techniques (NLG) such as those employed in the Dada tool [10]. This technique previously has been used successfully for masquerade attack [5] but with short emails. With the recent advancement of language modeling techniques using neural networks (NN) [19,50,58], some researchers used NN for generating emails [18,55], but could not generate coherent text.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Scam Augmentation and Customization: Identifying Vulnerable Users and Arming Defenders

Baki

Verma

Gnawali

2020

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

Why do "classical" attacks such as phishing, IRS scams, etc., still succeed? How do attackers increase their chances of success? How do people reason about scams and frauds they face daily? More research is needed on these questions, which is the focus of this paper. We take a well-known attack, viz. company representative fraud, and study several parameters that bear on its effectiveness with a between-subjects study. We also study the effectiveness of a coherent language generation technique in producing phishing emails. We give ample room for the participants to demonstrate their reasoning and strategies. Unfortunately, our experiment indicates that participants are inadequately prepared for dealing with even the company representative fraud. Participants also could not differentiate between offers written by human or generated semi-automatically. Moreover, our results show attackers can easily increase their success rate by adding some basic information about the sender, so defenders should focus more on such attacks. We also observed that participants who paid attention to more clues were better in distinguishing legitimate messages from phishing, hence training regimes should check for reasoning strategies, not just who did not click on a link or download an attachment. Thus, insights from our work can help defenders in developing better strategies to evaluate their defenses and also in devising more effective training strategies. CCS CONCEPTS • Security and privacy → Phishing; Usability in security and privacy; • Human-centered computing → User studies.

show abstract

Section: Natural Language Generation and Dadamentioning

confidence: 99%

Section: Practical Issuesmentioning

confidence: 99%

Section: Defense Mechanismmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Scam Augmentation and Customization: Identifying Vulnerable Users and Arming Defenders

Baki

Verma

Gnawali

2020

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…Whilst there has been research using eye trackers to understand engagement with phishing website there is less research applying this technology to phishing emails (Baki et al, 2017), which are one vector through which targets may be directed to a phishing website in the first instance. There are recommendations made to the public by various organizations around what is likely to denote something as being a phishing email, such as the National Cyber Security Centre advice to look for misspellings, the use of urgency and the use of threatening language (National Cyber Security Centre, 2020), which reflects the typical features of phishing emails identified in the literature (Pfeffel et al, 2019).…”

Section: Introductionmentioning

confidence: 99%

Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking

McAlaney

Hills

2020

Front. Psychol.

View full text Add to dashboard Cite

Social engineering attacks in the form of phishing emails represent one of the biggest risks to cybersecurity. There is a lack of research on how the common elements of phishing emails, such as the presence of misspellings and the use of urgency and threatening language, influences how the email is processed and judged by individuals. Eye tracking technology may provide insight into this. In this exploratory study a sample of 22 participants viewed a series of emails with or without indicators associated with phishing emails, whilst their eye movements were recorded using a SMI RED 500 eyetracker. Participants were also asked to give a numerical rating of how trustworthy they deemed each email to be. Overall, it was found that participants looked more frequently at the indicators associated with phishing than would be expected by chance but spent less overall time viewing these elements than would be expected by chance. The emails that included indicators associated with phishing were rated as less trustworthy on average, with the presence of misspellings or threatening language being associated with the lowest trustworthiness ratings. In addition, it was noted that phishing indicators relating to threatening language or urgency were viewed before misspellings. However, there was no significant interaction between the trustworthiness ratings of the emails and the amount of scanning time for phishing indicators within the emails. These results suggest that there is a complex relationship between the presence of indicators associated with phishing within an email and how trustworthy that email is judged to be. This study also demonstrates that eye tracking technology is a feasible method with which to identify and record how phishing emails are processed visually by individuals, which may contribute toward the design of future mitigation approaches.

show abstract

Community Targeted Phishing

Giaretta

Dragoni

2019

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Scaling and Effectiveness of Email Masquerade Attacks

Cited by 29 publications

References 42 publications

Scam Augmentation and Customization: Identifying Vulnerable Users and Arming Defenders

Scam Augmentation and Customization: Identifying Vulnerable Users and Arming Defenders

Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking

Community Targeted Phishing

Contact Info

Product

Resources

About