Dissertations / Theses on the topic 'Email phishing'

Abstract. Phishing is a constantly evolving threat in the world of information security that affects everyone, no matter if you’re a retail worker or the head of IT in a large organisation. Because of this, this thesis aims to give the reader a good overview of what phishing is, and due to its prevalence in email and instant messaging, focuses on educating the reader on common signs and techniques used in phishing in the aforementioned forms of communication. The chosen research method is literature review, as it is the ideal choice for presenting an overview of a larger subject. As a result of the research, many common phishing signs and techniques in both email and instant messaging are presented. Some of these signs include strange senders, fake domain names and spellings mistakes. With this thesis, anyone looking to improve their understanding about phishing can do so in a way that is easy to understand. Some suggestions for future research are also presented based on this thesis’ shortcomings, namely the lack of studies on phishing in instant messaging.

Thesis (M.S. in Computer Science)--Naval Postgraduate School, March 2009.
Thesis Advisor(s): Garfinkel, Simson L. "March 2009." Description based on title screen as viewed on April 24, 2009. Author(s) subject terms: Digital Authentication, S/MIME, Official bulk email, phishing. Includes bibliographical references (p. 55-57). Also available in print.

Because of the development of the Internet and the rapid increase of the electronic commercial, the incidents on stealing the consumers' personal identify data and financial account credentials are becoming more and more common. This phenomenon is called phishing. Now phishing is so popular that web sites such as papal , eBay, MSN, Best Buy, and America Online are frequently spoofed by phishers. What’s more, the amount of the phishing sites is increasing at a high rate.

The aim of the report is to analyze different phishing phenomenon and help the readers to identify phishing attempts. Another goal is to design an anti-phishing system which can detect the phishing e-mails and then perform some operations to protect the users. Since this is a big project, I will focus on the mail detecting part that is to analyze the detected phishing emails and extract details from these mails.

A list of the most important information of this phishing mail is extracted, which contains “mail subject”, “ mail received date”, “targeted user”, “the links”, and “expiration and creation date of the domain”. The system can presently extract this information from 40% of analyzed e-mails.

How does the email load and stress affect the susceptibility to phishing and scam emails? The study was conducted with a Qualitative research approach. Semi-structured interviews were selected for the data gathering. Thematic Analysis was used to analyze Empirical data. This research studied if a high email load affects the likelihood of falling victim to phishing and scam attacks. Research was studied through a theoretical lens of stress, since high email load is subjective for each individual and stress rate can show better how people are perceiving their email load. Findings suggest that high email load for the majority of people in this study, does increase the susceptibility towards phishing and scam emails. Furthermore, those people with higher email load who are processing their emails heuristically evaluated their stress rates higher than those with high email load who are processing their emails systematically. Therefore, the results indicate that there is a relation between high email load, stress and susceptibility to phishing and scam emails. In this study, it was found that majority of respondents described high stress as a factor that played a role in their susceptibility of falling victim to phishing and scam emails.

Phishing is a reoccurring issue, which uses social engineering as an attack strategy. The prevention of these attacks is often content-based filters. These solutions are however not always perfect, and phishing emails can still be able to get through the filters. We suggest a new strategy to combat phishing. The strategy is a technical platform which uses the psychology concept nudge. Nudge is a concept that can be used to change a certain behaviour, in this case to make people more cautious when reading their emails.The objective of this thesis is to suggest a nudge using a technical platform regarding possible desensitization. The nudge aims to change email related behaviours to more healthy ones. To get indications if the nudge has benefits, a qualitative survey was made. When using a psychology-based solution, one must address the possibility of desensitization. To minimize possible desensitization, a quantitative analysis was made where different ways to minimize desensitization were assessed. Data for this analysis was gathered by a simulation modeling, where the simulation aimed to replicate a user performing email related events.The conclusion of the simulation results showed that a whitelist approach was the most appropriate for our nudge. The approach minimized the chance of possible desensitization while having a low risk of not performing a nudge when needed. The conclusion of the survey results was that there was an indication of behavioural change and that there existed a risk of possible desensitization.
Nätfiske är ett återkommande problem, som använder sig av social manipulation som attackstrategi. Försvar mot dessa attacker är ofta innehållsbaserade filter. Dessa lösningar är inte alltid perfekta, då nätfiske kan ibland gå förbi filterna. Vi föreslår en ny strategi för att bekämpa nätfiske. Strategin är en teknisk plattform som använder det psykologiska konceptet nudge. Nudge är ett koncept som kan användas för att ändra ett visst beteende, i detta fall för att göra människor mer försiktiga när de läser sina emails.Syftet med detta arbete är att föreslå en nudge i en teknisk plattform där man tar hänsyn till eventuell desensibilisering. Nudgens mål är att ändra emailrelaterade beteenden så att beteendena blir säkrare. En kvalitativ undersökning gjordes för att få indikationer om nudgen har möjliga fördelar. När man använder en psykologibaserad lösning så måste man ta itu med möjligheten av desensibilisering. En kvantitativ analys gjordes där olika sätt att minimera desensibilisering bedömdes, för att sedan kunna minimera desensibiliseringen. Data för denna analys samlades in genom en simuleringsmodellering, där simuleringens syfte var att replikera en användare som utför email-relaterade händelser.Slutsatsen av simuleringsresultaten visade att en whitelist-metod var den mest lämpliga för vår nudge. Metoden minimerade risken för möjlig desensibilisering, samtidigt som den hade en låg risk att inte utföra en nudge när det behövdes. Slutsatsen av undersökningsresultatet från enkäten var att det fanns en indikation för beteendeförändringar och att det fanns en risk för eventuell desensibilisering av nudgen.

The goal with this research has been to answer questions related to social engineeringbased phishing attacks: email phishing and website phishing. This study answers questions like why these attacks occur, which type of internet users easily get tricked by phishers, Moreover this study consist of different defense mechanisms that exist against the attacks, weaknesses in them, examples to improve them and other technical solutions against them. Often the attacks consist of a combination of both email phishing and website phishing. A link can be sent to a user via email that leads to a phishing site where the user get tricked into submitting personal information.These attacks aims to steal personal information and money from users. There are anti-phishing tools in web browsers and mailsystems to protect the user. There are special phishingfilters and features that can protect users from phishing mails and detect them. Users who get attacked by phishers are those who lack knowledge about them. But since high educated people and security experts also fall for phishing beacuse phishers develop new techniques and strategies to attack users, more advanced techniques in web browsers and mail systems are needed. This study was done through a systematic litterture review where 10 articles where chosen. These articles where studied and summarised through a content analysis.
Målet med denna undersökning har varit att besvara frågor relaterat till social engineeringbaserade phishngattacker: email phishing och website phishing. Den här studien tar upp varför dessa attacker utförs, vilka användare som mest blir drabbade av de. Vidare handlar studien om olika skyddsmekanismer som existerar mot attackerna, vilka bristerna det finns i de, eventuella förbättringsförslag och förslag på andra tekniska lösningar. Oftast sker attackerna genom en kombination av email phishing och website phishing. En skadlig länk kan skickas till en användare via mail som leder till en phishingsida där användaren blir lurad till att fylla i privata uppgifter om sig själv. Dessa attacker sker främst för att stjäla personuppgifter och leder oftast till att en användare blir drabbad finansiellt. Det finns olika anti-phishing verktyg i webbläsare och mailsystem för att skydda användare. Mot email phishing finns speciella phishingfilter och olika kännetecken som hjälper till att skydda mot skadliga mail och upptäcka de. De flesta som blir drabbade av phishing är just användare som ej är medvetna om vad phishing är. Men eftersom det visat sig att även högutbildade människor och säkerhetsexperter faller för phishing då phisher utvecklar nya tekniker och strategier att utföra attacker, krävs det mer avancerade tekniska lösningar i webbläsare och mailsystem. Studien har genomförts med hjälp av en systematisk litteraturstudie, där 10 artiklar valdes ut. Dessa artiklar bearbetades och sammanfattades genom en innehållsanalys.

The Internet has been plagued with endless spam for over 15 years. However, in the last five years spam has morphed from an annoying advertising tool to a social engineering attack vector. Much of today's unwanted email tries to deceive users into replying with passwords, bank account information, or to visit malicious sites which steal login credentials and spread malware. These email-based attacks are known as phishing attacks. Much has been published about these attacks which try to appear real not only to users and subsequently, spam filters. Several sources indicate traditional content filters have a hard time detecting phishing attacks because the emails lack the traditional features and characteristics of spam messages. This thesis tests the hypothesis that by separating the messages into three categories (ham, spam and phish) content filters will yield better filtering performance. Even though experimentation showed three-way classification did not improve performance, several additional premises were tested, including the validity of the claim that phishing emails are too much like legitimate emails and the ability of Naive Bayes classifiers to properly classify emails.

Phishing has been the most frequent cybercrime activity over the last 15 years and has caused billions of dollars to be stolen. This happens due to the fact that phishing attackers always use new (zero-day) and sophisticated techniques to deceive online customers. The most common way to initiate a phishing attack is by using email. In this thesis, a novel framework is proposed that combines a neural network with reinforcement learning for detecting online phishing attacks. This thesis addresses the effectiveness of phishing email detection, and it makes the following contributions. Firstly, a novel pre-processing system has been designed to gather and extract the features and patterns of phishing email. To cover all behaviour that phishers use to deceive online customers, fifty features were selected. Pre-processing is divided into three layers, based on the main types of email content. Secondly, a novel algorithm has been proposed for the exploration of new phishing behaviour. The proposed algorithm has the ability to select the effective list of features from the list of features extracted in the pre-processing phase. Thirdly, this thesis proposed a novel Dynamic Evolving Neural Network using Reinforcement Learning (DENNuRL) algorithm, which can be used to generate the best neural network for classification problem based on reinforcement learning idea. Finally, a novel framework for Phishing Email Detection System (PEDS) has been proposed. The PEDS has the ability to adapt itself to generate a new PEDS that reflects changes in behaviour. Therefore, reinforcement learning is adopted in the proposed framework combined with neural network to enhance the system dynamically over time in the online mode. The proposed technique can effectively handle zero-day phishing attacks. The proposed phishing email detection model was trained, tested and validated in the online mode using an approved dataset. The promising results showed that the DENNuRL can provide an effective means of phishing detection. The proposed model successfully classified and identified approximately 98.6% of phishing emails selected from the test dataset, with low false positive rates of 1.8%. A comparison with other similar techniques using the same dataset shows that the proposed technique outperforms the existing methods.

In recent years, online deception has become a major threat to information security. Online deception that caused significant consequences is usually spear phishing. Spear-phishing emails come in a very small volume, target a small number of audiences, sometimes impersonate a trusted entity and use very specific content to redirect targets to a phishing website, where the attacker tricks targets sharing their credentials. In this thesis, we aim at measuring the entire process. Starting from phishing emails, we examine anti-spoofing protocols, analyze email services' policies and warnings towards spoofing emails, and measure the email tracking ecosystem. With phishing websites, we implement a powerful tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis. We also analyze credential sharing on phishing websites, and measure what happens after victims share their credentials. Finally, we discuss potential phishing and privacy concerns on new platforms such as Alexa and Google Assistant. In the first part of this thesis (Chapter 3), we focus on measuring how email providers detect and handle forged emails. We also try to understand how forged emails can reach user inboxes by deliberately composing emails. Finally, we check how email providers warn users about forged emails. In the second part (Chapter 4), we measure the adoption of anti-spoofing protocols and seek to understand the reasons behind the low adoption rates. In the third part of this thesis (Chapter 5), we observe that a lot of phishing emails use email tracking techniques to track targets. We collect a large dataset of email messages using disposable email services and measure the landscape of email tracking. In the fourth part of this thesis (Chapter 6), we move on to phishing websites. We implement a powerful tool to detect squatting domains and train a machine learning model to classify phishing websites. In the fifth part (Chapter 7), we focus on the credential leaks. More specifically, we measure what happens after the targets' credentials are leaked. We monitor and measure the potential post-phishing exploiting activities. Finally, with new voice platforms such as Alexa becoming more and more popular, we wonder if new phishing and privacy concerns emerge with new platforms. In this part (Chapter 8), we systematically assess the attack surfaces by measuring sensitive applications on voice assistant systems. My thesis measures important parts of the complete process of online deception. With deeper understandings of phishing attacks, more complete and effective defense mechanisms can be developed to mitigate attacks in various dimensions.
Doctor of Philosophy
In recent years, online deception becomes a major threat to information security. The most common form of online deception starts with a phishing email, then redirects targets to a phishing website where the attacker tricks targets sharing their credentials. General phishing emails are relatively easy to recognize from both the target's and the defender's perspective. They are usually from strange addresses, the content is usually very general and they come in a large volume. However, Online deception that caused significant consequences is usually spear phishing. Spear-phishing emails come in a very small volume, target a small number of audiences, sometimes impersonate a trusted entity and use very specific content to redirect targets to a phishing website, where the attacker tricks targets sharing their credentials. Sometimes, attackers use domain impersonation techniques to make the phishing website even more convincing. In this thesis, we measure the entire process. Starting from phishing emails, we examine anti-spoofing protocols, analyze email services' policies and warnings towards spoofing emails, and measure the email tracking ecosystem. With phishing websites, we implement a tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis. We also studied credential sharing on phishing websites. We measure what happens after targets share their credentials. Finally, we analyze potential phishing and privacy concerns on new platforms such as Alexa and Google Assistant.

The majority of documented phishing attacks have been carried by email, yet few studies have measured the impact of email headers on the predictive accuracy of machine learning techniques in detecting email phishing attacks. Research has shown that the inclusion of a limited subset of email headers as features in training machine learning algorithms to detect phishing attack did increase the predictive accuracy of these learning algorithms. The same research also recommended further investigation of the impact of including an expanded set of email headers on the predictive accuracy of machine learning algorithms. In addition, research has shown that the cost of misclassifying legitimate emails as phishing attacks--false positives--was far higher than that of misclassifying phishing emails as legitimate--false negatives, while the opposite was true in the case of fraud detection. Consequently, they recommended that cost sensitive measures be taken in order to further improve the weighted predictive accuracy of machine learning algorithms. Motivated by the potentially high impact of the inclusion of email headers on the predictive accuracy of machines learning algorithms and the significance of enabling cost-sensitive measures as part of the learning process, the goal of this research was to quantify the impact of including an extended set of email headers and to investigate the impact of imposing penalty as part of the learning process on the number of false positives. It was believed that if email headers were included and cost-sensitive measures were taken as part of the learning process, than the overall weighted, predictive accuracy of the machine learning algorithm would be improved. The results showed that adding email headers as features did improve the overall predictive accuracy of machine learning algorithms and that cost-sensitive measure taken as part of the learning process did result in lower false positives.

Hacking information systems is continuously on the increase. Social engineering attacks is performed by manipulating the weakest link in the security chain; people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based in Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measures the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook are used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source code and providing an in-line awareness security feedback.

Dissertação (mestrado) - Pontifícia Universidade Católica do Paraná, Curitiba, 2010
Bibliografia: p.62-65
Os trabalhos da literatura técnica para detecção de phishing se baseiam somente na taxa de acerto do classificador para justificar a sua eficácia. Aspectos como a confiança dos resultados (verificada pela taxa de falsos positivos), custo computacional par
The proposals of the technical literature for detecting phishing are based only on the success rate of the classifier to justify its effectiveness. Aspects such as reliance of the results (evaluated by the false positive rate), computational effort to ext

This study aimed to examine if there was a difference in how likely a victim is to click on a phishing email’s links based on the content of the email, the tone and language used and the structure of the code. This likelihood also includes the email’s ability to bypass spam filters.  Method: The method used to examine this was a simulated phishing attack. Six different phishing templates were created and sent out via the Gophish framework to target groups of students (from Halmstad University), from a randomized pool of 20.000 users. The phishing emails contained a link to a landing page (hosted via a virtual machine) which tracked user status. The templates were: Covid19 Pre-Attempt, Spotify Friendly CSS, Spotify Friendly Button, Spotify Aggressive CSS, Spotify Aggressive Button, Student Union. Results: Covid19 Pre-Attempt: 72.6% initial spam filter evasion, 45.8% spam filter evasion, 4% emails opened and 100% links clicked. Spotify Friendly CSS: 50% initial spam filter evasion, 38% spam filter evasion, 26.3% emails opened and 0% links clicked. Spotify Friendly Button: 59% initial spam filter evasion, 28.8% spam filter evasion, 5.8% emails opened and 0 %links clicked. Spotify Aggressive CSS: 50% initial spam filter evasion, 38% spam filter evasion, 10.5% emails opened, and 100% links clicked. Spotify Aggressive Button: 16% initial spam filter evasion, 25% spam filter evasion, 0% emails opened and 0% emails clicked. Student Union: 40% initial spam filter evasion, 75% spam filter evasion, 33.3% emails opened and 100% links clicked. Conclusion: Differently structured emails have different capabilities for bypassing spam filters and for deceiving users. Language and tone appears to affect phishing email efficacy; the results suggest that an aggressive and authoritative tone heightens a phishing email’s ability to deceive users, but seems to not affect its ability to bypass spam filters to a similar degree. Authenticity appears to affect email efficacy; the results showed a difference in deception efficacy if an email was structured like that of a genuine sender. Appealing to emotions such as stress and fear appears to increase the phishing email’s efficacy in deceiving a user.
Syftet med denna studie var att undersöka om det fanns en skillnad i hur troligt det är att ett offer klickar på länkarna till ett phishing-e-postmeddelande, baserat på innehållet i e-postmeddelandet, tonen och språket som används och kodens struktur. Denna sannolikhet inkluderar även e-postens förmåga att kringgå skräppostfilter. Metod: Metoden som användes var en simulerad phishing-attack. Sex olika phishing-mallar skapades och skickades ut via Gophish-ramverket till målgruppen bestående av studenter (från Halmstads universitet), från en slumpmässig pool med 20 000 användare. Phishing-e-postmeddelandena innehöll en länk till en målsida (hostad via en virtuell maskin) som spårade användarstatus. Mallarna var: Covid19 Pre-Attempt, Spotify Friendly CSS, Spotify Friendly Button, Spotify Aggressive CSS, Spotify Aggressive Button, Student Union. Resultat: Covid19 förförsök: 72,6% kringgick det primära spamfiltret, 45,8% kringgick det sekundära spamfiltret, 4% e-postmeddelanden öppnade och 100% länkar klickade Spotify Friendly CSS: 50% kringgick det primära spamfiltret, 38% kringgick det sekundära spamfiltret, 26,3% e-postmeddelanden öppnade och 0% länkar klickade. Spotify Friendly Button: 59% kringgick det primära spamfiltret, 28,8% kringgick det sekundära spamfiltret, 5.8% e-postmeddelanden öppnade och 0% länkar klickade. Spotify Aggressive CSS: 50% kringgick det primära spamfiltret, 38% kringgick det sekundära spamfiltret, 10,5% e-post öppnade och 100% länkar klickade. Spotify Aggressive Button: 16% kringgick det primära spamfiltret, 25% kringgick det sekundära spamfiltret, 0% e-postmeddelanden öppnade och 0% e-postmeddelanden klickade. Studentkåren: 40% kringgick det primära spamfiltret, 75% kringgick det sekundära spamfiltret, 33,3% e-postmeddelanden öppnade och 100% länkar klickade. Slutsats: Olika strukturerade e-postmeddelanden har olika funktioner för att kringgå skräppostfilter och för att lura användare. Språk och ton tycks påverka effektiviteten för epost-phishing. Resultaten tyder på att en aggressiv och auktoritär ton ökar phishing-epostmeddelandets förmåga att lura användare, men verkar inte påverka dess förmåga att kringgå skräppostfilter i motsvarande grad. Autenticitet verkar påverka e-postens effektivitet, då resultaten visade en skillnad i effektivitet om ett e-postmeddelande var strukturerat som en äkta avsändare. Att adressera känslor som stress och rädsla verkar öka phishing-e-postens effektivitet när det gäller att lura en användare.

The classifier discussed in this thesis considers the path traversed by an email (instead of its content) and reputation of the relays, features inaccessible to spammers. Groups of spammers and individual behaviors of a spammer in a given domain were analyzed to yield association patterns, which were then used to identify similar spammers. Unsolicited and phishing emails were successfully isolated from legitimate emails, using analysis results. Spammers and phishers are also categorized into serial spammers/phishers, recent spammers/phishers, prospective spammers/phishers, and suspects. Legitimate emails and trusted domains are classified into socially close (family members, friends), socially distinct (strangers etc), and opt-outs (resolved false positives and false negatives). Overall this classifier resulted in far less false positives when compared to current filters like SpamAssassin, achieving a 98.65% precision, which is well comparable to the precisions achieved by SPF, DNSRBL blacklists.

Today, virtually every individual with access to an Internet connection also has a personal email address. This has made it easier for companies, for example, to market their products to customers. Company employees also often have access to work emails, where information about upcoming meetings, new tasks, etc. is posted. Up to 45% of today’s email traffic is made up of fraudulent emails that try to trick the recipient into providing personal data or clicking on a web link that then installs malicious software on the computer or mobile phone. This thesis examines how the recipient’s age group and level of education affect their ability to identify fraudulent emails. The results show that this ability decreases significantly with increasing age. In contrast, level of education was not a significant factor affecting this ability.
Idag har i princip varje individ med tillgång till en internetuppkoppling även en personlig email adress. Detta har förenklat för exempelvis företag att marknadsföra sina produkter till kunder. Arbetare på företag har ofta även tillgång till jobbmejl där information om kommande möten, nya arbetsuppgifter et cetera. Hela 45% av mejltrafiken idag utgörs av bluffmejl som försöker vilseleda mottagaren till att ge ut personliga uppgifter eller klicka på en webblänk som sedan installerar skadlig mjukvara på dator eller mobiltelefon. Denna avhandling undersöker om en mottagares åldersgrupp och utbildningsnivå påverkar förmågan att identifiera bluffmejl. Resultaten visar att denna förmåga minskar avsevärt när åldern ökar. Utbildningsnivå var däremot inte en särskilt stor faktor i hur förmågan påverkades.

碩士
國立高雄應用科技大學
資訊管理系碩士在職專班
104
In this study, we are using Latent Semantic Analysis (LSA) to analyze Phishing email title formulaand apply the results to prevent the Phishing event occurrence. As previous studies have noted, the Phishing email is an information security issue that cannot be ignored. To guard against related attacks, email user’s psychological and educational level must be studied. These users need to be trained and their awareness of possible security risks must be strengthened in order to ensure that organizations or individuals will not be victimized by social engineering. Therefore, this study employs LSA to classify phishing emails, providing email users with information about Phishing attack idiomatic patterns. Email users in the defense forces must be aware of the cyberwarfare battle front and take the appropriate preventive measures. The study found that, using manual classification and LSA results alignment, five of seven categories of Phishing emails shared 60％ the same semantic meaning and similar language. Once an individual receives an email, via intuitive judgment of the gist of the message category and this analysis, an email can be identified as a Phishing email instantaneously.

Emails de Phishing são um tipo de ataque comum na internet que resultam no roubo de informação confidencial de utilizadores como contas bancárias, dados privados, logins pessoais ou de identidade. O objetivo desta tese de mestrado passou por desenvolver uma ferramenta inteligente baseada em abordagens com aprendizagem automática para filtrar este tipo de emails malignos. O projeto foi feito em cooperação com a E-goi, empresa de automação de marketing multicanal. A primeira etapa do projeto foi a de selecionar aspectos característicos dos emails de modo a poder diferenciar entre emails de phishing e normais. O conjunto final destas características foi escolhido depois de um estudo minucioso da literatura e das necessidades da empresa. O passo seguinte foi a escolha de um algoritmo eficiente para a deteção de emails de phishing. Como a tarefa foi considerada um problema de classificação, vários algoritmos de aprendizagem automática foram testados (SVM, DT, Random Forest, Boosted Trees). Um grande desafio que foi deparado durante o desenvolvimento foi o da falta de dados categorizados, mais especificamente do tipo de phishing. Para tentar contornar o problema, o sistema de detação de phishing foi construído com ajuda de dados (emails) publicamente disponíveis. De modo a facilitar a implementação de um protótipo na empresa E-goi, foi desenvolvida uma ferramenta web para categorizar a colecionar emails. Este sistema permite a pessoal autorizado da empresa a fazer a categorização on-line de emails adquiridos.
Phishing emails are a very common attack on the web, that results in the theft of confidential user information such as bank accounts, private data, personal logins or of identity. The goal of this master thesis was to develop intelligent tools to filter out the emails with such malign intent, based on machine learning approaches. The work was done in close collaboration with a multichannel marketing automation company of name E-goi. The first stage of the project was to select appropriate features able to discriminate between ordinary and phishing emails. The final feature set was chosen after a comprehensive study of the literature and the particular needs of the involved company. The next step was to choose an efficient algorithm for phishing emails detection. Since this task was considered as a classification problem, a number of machine learning classifiers were tested (SVM, DT, Random Forest). A major challenge during development was the lack of sufficient labeled data, particularly regarding the class of phishing emails. To get around this, the phishing detection system was built based on a collection of samples (emails) from different publicly available data sets. In order to facilitate the implementation of the phishing detection prototype in the company E-goi, a web tool was developed to create a home-made labeled data set of emails. This system allows authorized company personnel to label on-line each obtained email.
Mestrado em Engenharia de Computadores e Telemática

A Engenharia Social e a técnica do phishing são temas que têm evoluído cada mais ao longo dos anos, principalmente através do email, uma das ferramentas mais utilizadas no mundo. Os emails de phishing normalmente estão relacionadas com Engenharia Social e podem-se propagar através de links e/ou anexos contidos neste tipo de email. O utilizador quando faz download de um anexo, pode estar automaticamente a descarregar software malicioso e dar ao atacante (hacker), o controlo total do computador, sem que se aperceba. Através dos links, o utilizador pode divulgar as suas credenciais ou outro tipo de informação pessoal/confidencial, uma vez que pode não perceber que está a ser redirecionado para um remetente malicioso. Diversos estudos já realizados indicam que existem cada vez mais ataques deste tipo e cada vez com mais impacto na população. Por seu lado, a população não está ciente dos perigos que poderá encontrar ao carregar neste tipo de emails ou noutra forma de propagação de phishing. A presente dissertação aborda o tema do phishing através do email e pretende definir métodos de prevenção para este tipo de crime informático. Numa primeira fase foram realizadas entrevistas a profissionais da área de Segurança Informática, com intuito de perceber mais sobre este tema. Posteriormente, realizou-se um questionário online, de forma a averiguar o conhecimento dos inquiridos em relação a este tema e identificar medidas que são usadas por eles antes e após um ataque informático. No final serão feitas as conclusões de forma a atingir os objetivos desta investigação.
Social Engineering and phishing technique are subjects that have been evolving as the years pass, mainly through email, which is one of the most used communication tools in the world. Phishing emails are usually related to Social Engineering and can be propagated through links and/or attachments contained in this type of email. When downloading an attachment, the user can automatically activate the malicious software and allow the attacker (hacker), the complete control of the computer, without being aware of it. Through the links, you may disclose your credentials or other personal/confidential information, as you may not notice that you are being redirected to a malicious sender. Several studies already carried out indicate that there are more and more attacks of this kind and with increasing impact on the population. On the other hand, the population is not aware of the dangers they may encounter when uploading this type of emails or other form of phishing propagation. The present dissertation addresses the theme of phishing through email and aims to define prevention methods for this type of computer crime. Initially, interviews were conducted professionals in the area of Computer Security, in order to understand more about this topic. Subsequently, an online questionnaire was conducted to ascertain the respondents' knowledge of this topic and to identify measures that are used by them before and after a computer attack. In the end the conclusions will be made in order to reach the objectives of this investigation.

碩士
國防大學
網路安全碩士班
107
In 2016, the ATM stealing case of First Bank shocked the society. This financial crime has changed a lot. It is no longer by force, but by the use of the Internet. There are many kinds of cyber attacks. Social Engineering attacks are the lowest threshold. They mainly use interpersonal relationships, human weaknesses, and no need for professional techniques. Social Engineering attacks are divided into multiple ways. This study focuses on the analysis of the attack effectiveness of phishing emails to corporate employees. We hope that through social engineering exercises and a series of protective actions, the number of times that users open the Phishing Emails by mistake can be reduced. As a result, we can achieve the purpose of protecting corporate safety, preventing the leakage of capital information and reducing operational risks. This study conducted four Social Engineering exercises through employee questionnaires, Phishing Email design, data analysis, security education propaganda, and enhanced email warnings. The research results showed the risk degree of corporate employees being attacked and the high and low risk types of Phishing Emails. The effect of prevention and control under administrative means and technical means are also presented in this work. Keywords: Social Engineering, Phishing Emails, Email Warnings