To see the other types of publications on this topic, follow the link: Phising email.
Dissertations / Theses on the topic 'Phising email'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 26 dissertations / theses for your research on the topic 'Phising email.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Utakrit, Nattakant. "Security awareness by online banking users in Western Australian of phishing attacks." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2012. https://ro.ecu.edu.au/theses/503.
Full textAbstract:
Phishing involves sending e-mails pretending to be from the legitimate financial institutions to recipients and asking for personal information such as username and password. It also redirects network traffic to malicious sites, deny network traffic to web services, and modify protection mechanisms in the targeted computer systems. Consequences of successful attacks can include identity and financial losses, and unauthorised information disclosure.
The purpose of this study was to investigate the experiences of Western Australian bank users in using online banking. The study considered the relationship between the background of the Western Australian bank users and their experience in using online banking security. The research analysed phishing through case studies that highlighted some of the experiences of phishing attacks and how to deal with the problems. Emphasis was placed on knowledge of phishing and threats and how they were actually implemented, or may be used, in undermining the security of users’ online banking services. The preferences and perspectives of Western Australian bank users about the deployment of online banking security protection and about future online banking services, in order to safeguard themselves against phishing attacks, are presented. The aim was to assist such Australian bank users through exploring potential solutions and making recommendations arising from this study.
Research respondents had positive attitudes towards using online banking. Overall, they were satisfied with the security protection offered by their banks. However, although they believed that they had adequate knowledge of phishing and other online banking threats, their awareness of phishing attacks was not sufficient to protect themselves. Essentially, the respondents who had experienced a phishing attack believed it was due to weak security offered by their banks, rather than understanding that they needed more knowledge about security protection of their personal computers.
Further education is required if users are to become fully aware of the need for security within their personal online banking.
2
Rozentals, Emils. "Email load and stress impact on susceptibility to phishing and scam emails." Thesis, Luleå tekniska universitet, Digitala tjänster och system, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-85403.
Full textAbstract:
How does the email load and stress affect the susceptibility to phishing and scam emails? The study was conducted with a Qualitative research approach. Semi-structured interviews were selected for the data gathering. Thematic Analysis was used to analyze Empirical data. This research studied if a high email load affects the likelihood of falling victim to phishing and scam attacks. Research was studied through a theoretical lens of stress, since high email load is subjective for each individual and stress rate can show better how people are perceiving their email load. Findings suggest that high email load for the majority of people in this study, does increase the susceptibility towards phishing and scam emails. Furthermore, those people with higher email load who are processing their emails heuristically evaluated their stress rates higher than those with high email load who are processing their emails systematically. Therefore, the results indicate that there is a relation between high email load, stress and susceptibility to phishing and scam emails. In this study, it was found that majority of respondents described high stress as a factor that played a role in their susceptibility of falling victim to phishing and scam emails.
3
Mustonen, B. (Benjamin). "Phishing in email and instant messaging." Bachelor's thesis, University of Oulu, 2019. http://jultika.oulu.fi/Record/nbnfioulu-201905181856.
Full textAbstract:
Abstract. Phishing is a constantly evolving threat in the world of information security that affects everyone, no matter if you’re a retail worker or the head of IT in a large organisation. Because of this, this thesis aims to give the reader a good overview of what phishing is, and due to its prevalence in email and instant messaging, focuses on educating the reader on common signs and techniques used in phishing in the aforementioned forms of communication. The chosen research method is literature review, as it is the ideal choice for presenting an overview of a larger subject. As a result of the research, many common phishing signs and techniques in both email and instant messaging are presented. Some of these signs include strange senders, fake domain names and spellings mistakes. With this thesis, anyone looking to improve their understanding about phishing can do so in a way that is easy to understand. Some suggestions for future research are also presented based on this thesis’ shortcomings, namely the lack of studies on phishing in instant messaging.
4
Slack, Andrew A. "Digital authentication for offical bulk email." Monterey, Calif. : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/Mar/09Mar%5FSlack.pdf.
Full textAbstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, March 2009.Thesis Advisor(s): Garfinkel, Simson L. "March 2009." Description based on title screen as viewed on April 24, 2009. Author(s) subject terms: Digital Authentication, S/MIME, Official bulk email, phishing. Includes bibliographical references (p. 55-57). Also available in print.
5
Mei, Yuanxun. "Anti-phishing system : Detecting phishing e-mail." Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-2089.
Full textAbstract:
Because of the development of the Internet and the rapid increase of the electronic commercial, the incidents on stealing the consumers' personal identify data and financial account credentials are becoming more and more common. This phenomenon is called phishing. Now phishing is so popular that web sites such as papal , eBay, MSN, Best Buy, and America Online are frequently spoofed by phishers. What’s more, the amount of the phishing sites is increasing at a high rate.
The aim of the report is to analyze different phishing phenomenon and help the readers to identify phishing attempts. Another goal is to design an anti-phishing system which can detect the phishing e-mails and then perform some operations to protect the users. Since this is a big project, I will focus on the mail detecting part that is to analyze the detected phishing emails and extract details from these mails.
A list of the most important information of this phishing mail is extracted, which contains “mail subject”, “ mail received date”, “targeted user”, “the links”, and “expiration and creation date of the domain”. The system can presently extract this information from 40% of analyzed e-mails.
6
Vitek, Viktor, and Shah Taqui Syed. "Implementing a Nudge to Prevent Email Phishing." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-259403.
Full textAbstract:
Phishing is a reoccurring issue, which uses social engineering as an attack strategy. The prevention of these attacks is often content-based filters. These solutions are however not always perfect, and phishing emails can still be able to get through the filters. We suggest a new strategy to combat phishing. The strategy is a technical platform which uses the psychology concept nudge. Nudge is a concept that can be used to change a certain behaviour, in this case to make people more cautious when reading their emails.The objective of this thesis is to suggest a nudge using a technical platform regarding possible desensitization. The nudge aims to change email related behaviours to more healthy ones. To get indications if the nudge has benefits, a qualitative survey was made. When using a psychology-based solution, one must address the possibility of desensitization. To minimize possible desensitization, a quantitative analysis was made where different ways to minimize desensitization were assessed. Data for this analysis was gathered by a simulation modeling, where the simulation aimed to replicate a user performing email related events.The conclusion of the simulation results showed that a whitelist approach was the most appropriate for our nudge. The approach minimized the chance of possible desensitization while having a low risk of not performing a nudge when needed. The conclusion of the survey results was that there was an indication of behavioural change and that there existed a risk of possible desensitization.Nätfiske är ett återkommande problem, som använder sig av social manipulation som attackstrategi. Försvar mot dessa attacker är ofta innehållsbaserade filter. Dessa lösningar är inte alltid perfekta, då nätfiske kan ibland gå förbi filterna. Vi föreslår en ny strategi för att bekämpa nätfiske. Strategin är en teknisk plattform som använder det psykologiska konceptet nudge. Nudge är ett koncept som kan användas för att ändra ett visst beteende, i detta fall för att göra människor mer försiktiga när de läser sina emails.Syftet med detta arbete är att föreslå en nudge i en teknisk plattform där man tar hänsyn till eventuell desensibilisering. Nudgens mål är att ändra emailrelaterade beteenden så att beteendena blir säkrare. En kvalitativ undersökning gjordes för att få indikationer om nudgen har möjliga fördelar. När man använder en psykologibaserad lösning så måste man ta itu med möjligheten av desensibilisering. En kvantitativ analys gjordes där olika sätt att minimera desensibilisering bedömdes, för att sedan kunna minimera desensibiliseringen. Data för denna analys samlades in genom en simuleringsmodellering, där simuleringens syfte var att replikera en användare som utför email-relaterade händelser.Slutsatsen av simuleringsresultaten visade att en whitelist-metod var den mest lämpliga för vår nudge. Metoden minimerade risken för möjlig desensibilisering, samtidigt som den hade en låg risk att inte utföra en nudge när det behövdes. Slutsatsen av undersökningsresultatet från enkäten var att det fanns en indikation för beteendeförändringar och att det fanns en risk för eventuell desensibilisering av nudgen.
7
Ghani, Hajra. "Phishing : En innehållsanalys av phishing på webben." Thesis, Mittuniversitetet, Avdelningen för informations- och kommunikationssystem, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-29012.
Full textAbstract:
The goal with this research has been to answer questions related to social engineeringbased phishing attacks: email phishing and website phishing. This study answers questions like why these attacks occur, which type of internet users easily get tricked by phishers, Moreover this study consist of different defense mechanisms that exist against the attacks, weaknesses in them, examples to improve them and other technical solutions against them. Often the attacks consist of a combination of both email phishing and website phishing. A link can be sent to a user via email that leads to a phishing site where the user get tricked into submitting personal information.These attacks aims to steal personal information and money from users. There are anti-phishing tools in web browsers and mailsystems to protect the user. There are special phishingfilters and features that can protect users from phishing mails and detect them. Users who get attacked by phishers are those who lack knowledge about them. But since high educated people and security experts also fall for phishing beacuse phishers develop new techniques and strategies to attack users, more advanced techniques in web browsers and mail systems are needed. This study was done through a systematic litterture review where 10 articles where chosen. These articles where studied and summarised through a content analysis.Målet med denna undersökning har varit att besvara frågor relaterat till social engineeringbaserade phishngattacker: email phishing och website phishing. Den här studien tar upp varför dessa attacker utförs, vilka användare som mest blir drabbade av de. Vidare handlar studien om olika skyddsmekanismer som existerar mot attackerna, vilka bristerna det finns i de, eventuella förbättringsförslag och förslag på andra tekniska lösningar. Oftast sker attackerna genom en kombination av email phishing och website phishing. En skadlig länk kan skickas till en användare via mail som leder till en phishingsida där användaren blir lurad till att fylla i privata uppgifter om sig själv. Dessa attacker sker främst för att stjäla personuppgifter och leder oftast till att en användare blir drabbad finansiellt. Det finns olika anti-phishing verktyg i webbläsare och mailsystem för att skydda användare. Mot email phishing finns speciella phishingfilter och olika kännetecken som hjälper till att skydda mot skadliga mail och upptäcka de. De flesta som blir drabbade av phishing är just användare som ej är medvetna om vad phishing är. Men eftersom det visat sig att även högutbildade människor och säkerhetsexperter faller för phishing då phisher utvecklar nya tekniker och strategier att utföra attacker, krävs det mer avancerade tekniska lösningar i webbläsare och mailsystem. Studien har genomförts med hjälp av en systematisk litteraturstudie, där 10 artiklar valdes ut. Dessa artiklar bearbetades och sammanfattades genom en innehållsanalys.
8
Lingaas, Türk Jakob. "Comparing the relative efficacy of phishing emails." Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-42392.
Full textAbstract:
This study aimed to examine if there was a difference in how likely a victim is to click on a phishing email’s links based on the content of the email, the tone and language used and the structure of the code. This likelihood also includes the email’s ability to bypass spam filters. Method: The method used to examine this was a simulated phishing attack. Six different phishing templates were created and sent out via the Gophish framework to target groups of students (from Halmstad University), from a randomized pool of 20.000 users. The phishing emails contained a link to a landing page (hosted via a virtual machine) which tracked user status. The templates were: Covid19 Pre-Attempt, Spotify Friendly CSS, Spotify Friendly Button, Spotify Aggressive CSS, Spotify Aggressive Button, Student Union. Results: Covid19 Pre-Attempt: 72.6% initial spam filter evasion, 45.8% spam filter evasion, 4% emails opened and 100% links clicked. Spotify Friendly CSS: 50% initial spam filter evasion, 38% spam filter evasion, 26.3% emails opened and 0% links clicked. Spotify Friendly Button: 59% initial spam filter evasion, 28.8% spam filter evasion, 5.8% emails opened and 0 %links clicked. Spotify Aggressive CSS: 50% initial spam filter evasion, 38% spam filter evasion, 10.5% emails opened, and 100% links clicked. Spotify Aggressive Button: 16% initial spam filter evasion, 25% spam filter evasion, 0% emails opened and 0% emails clicked. Student Union: 40% initial spam filter evasion, 75% spam filter evasion, 33.3% emails opened and 100% links clicked. Conclusion: Differently structured emails have different capabilities for bypassing spam filters and for deceiving users. Language and tone appears to affect phishing email efficacy; the results suggest that an aggressive and authoritative tone heightens a phishing email’s ability to deceive users, but seems to not affect its ability to bypass spam filters to a similar degree. Authenticity appears to affect email efficacy; the results showed a difference in deception efficacy if an email was structured like that of a genuine sender. Appealing to emotions such as stress and fear appears to increase the phishing email’s efficacy in deceiving a user.Syftet med denna studie var att undersöka om det fanns en skillnad i hur troligt det är att ett offer klickar på länkarna till ett phishing-e-postmeddelande, baserat på innehållet i e-postmeddelandet, tonen och språket som används och kodens struktur. Denna sannolikhet inkluderar även e-postens förmåga att kringgå skräppostfilter. Metod: Metoden som användes var en simulerad phishing-attack. Sex olika phishing-mallar skapades och skickades ut via Gophish-ramverket till målgruppen bestående av studenter (från Halmstads universitet), från en slumpmässig pool med 20 000 användare. Phishing-e-postmeddelandena innehöll en länk till en målsida (hostad via en virtuell maskin) som spårade användarstatus. Mallarna var: Covid19 Pre-Attempt, Spotify Friendly CSS, Spotify Friendly Button, Spotify Aggressive CSS, Spotify Aggressive Button, Student Union. Resultat: Covid19 förförsök: 72,6% kringgick det primära spamfiltret, 45,8% kringgick det sekundära spamfiltret, 4% e-postmeddelanden öppnade och 100% länkar klickade Spotify Friendly CSS: 50% kringgick det primära spamfiltret, 38% kringgick det sekundära spamfiltret, 26,3% e-postmeddelanden öppnade och 0% länkar klickade. Spotify Friendly Button: 59% kringgick det primära spamfiltret, 28,8% kringgick det sekundära spamfiltret, 5.8% e-postmeddelanden öppnade och 0% länkar klickade. Spotify Aggressive CSS: 50% kringgick det primära spamfiltret, 38% kringgick det sekundära spamfiltret, 10,5% e-post öppnade och 100% länkar klickade. Spotify Aggressive Button: 16% kringgick det primära spamfiltret, 25% kringgick det sekundära spamfiltret, 0% e-postmeddelanden öppnade och 0% e-postmeddelanden klickade. Studentkåren: 40% kringgick det primära spamfiltret, 75% kringgick det sekundära spamfiltret, 33,3% e-postmeddelanden öppnade och 100% länkar klickade. Slutsats: Olika strukturerade e-postmeddelanden har olika funktioner för att kringgå skräppostfilter och för att lura användare. Språk och ton tycks påverka effektiviteten för epost-phishing. Resultaten tyder på att en aggressiv och auktoritär ton ökar phishing-epostmeddelandets förmåga att lura användare, men verkar inte påverka dess förmåga att kringgå skräppostfilter i motsvarande grad. Autenticitet verkar påverka e-postens effektivitet, då resultaten visade en skillnad i effektivitet om ett e-postmeddelande var strukturerat som en äkta avsändare. Att adressera känslor som stress och rädsla verkar öka phishing-e-postens effektivitet när det gäller att lura en användare.
9
Trevino, Alberto. "Improving Filtering of Email Phishing Attacks by Using Three-Way Text Classifiers." BYU ScholarsArchive, 2012. https://scholarsarchive.byu.edu/etd/3103.
Full textAbstract:
The Internet has been plagued with endless spam for over 15 years. However, in the last five years spam has morphed from an annoying advertising tool to a social engineering attack vector. Much of today's unwanted email tries to deceive users into replying with passwords, bank account information, or to visit malicious sites which steal login credentials and spread malware. These email-based attacks are known as phishing attacks. Much has been published about these attacks which try to appear real not only to users and subsequently, spam filters. Several sources indicate traditional content filters have a hard time detecting phishing attacks because the emails lack the traditional features and characteristics of spam messages. This thesis tests the hypothesis that by separating the messages into three categories (ham, spam and phish) content filters will yield better filtering performance. Even though experimentation showed three-way classification did not improve performance, several additional premises were tested, including the validity of the claim that phishing emails are too much like legitimate emails and the ability of Naive Bayes classifiers to properly classify emails.
10
Alseadoon, Ibrahim Mohammed A. "The impact of users' characteristics on their ability to detect phishing emails." Thesis, Queensland University of Technology, 2014. https://eprints.qut.edu.au/72873/1/Ibrahim%20Mohammed%20A_Alseadoon_Thesis.pdf.
Full textAbstract:
We investigate how email users' characteristics influence their response to phishing emails. A user generally goes through three stages of behaviour upon receiving a phishing email: suspicion of the legitimacy of the email, confirmation of its legitimacy and response by either performing the action requested in the phishing email or not. Using a mixed method approach combining experiments, surveys and semi-structured interviews, we found that a user's behaviour at each stage varies with their personal characteristics such as personality traits and ability to perceive information in an email beyond its content. We found, for example, that users who are submissive, extraverted or open tend to be less suspicious of phishing emails while users who can identify cues such as inconsistent IP address, can avoid falling victim to phishing emails. Our findings enable us to draw practical implications for educating and potentially reducing the incidence of phishing emails victimisation.
11
Smadi, Sami. "Detection of online phishing email using dynamic evolving neural network based on reinforcement learning." Thesis, Northumbria University, 2017. http://nrl.northumbria.ac.uk/36119/.
Full textAbstract:
Phishing has been the most frequent cybercrime activity over the last 15 years and has caused billions of dollars to be stolen. This happens due to the fact that phishing attackers always use new (zero-day) and sophisticated techniques to deceive online customers. The most common way to initiate a phishing attack is by using email. In this thesis, a novel framework is proposed that combines a neural network with reinforcement learning for detecting online phishing attacks. This thesis addresses the effectiveness of phishing email detection, and it makes the following contributions. Firstly, a novel pre-processing system has been designed to gather and extract the features and patterns of phishing email. To cover all behaviour that phishers use to deceive online customers, fifty features were selected. Pre-processing is divided into three layers, based on the main types of email content. Secondly, a novel algorithm has been proposed for the exploration of new phishing behaviour. The proposed algorithm has the ability to select the effective list of features from the list of features extracted in the pre-processing phase. Thirdly, this thesis proposed a novel Dynamic Evolving Neural Network using Reinforcement Learning (DENNuRL) algorithm, which can be used to generate the best neural network for classification problem based on reinforcement learning idea. Finally, a novel framework for Phishing Email Detection System (PEDS) has been proposed. The PEDS has the ability to adapt itself to generate a new PEDS that reflects changes in behaviour. Therefore, reinforcement learning is adopted in the proposed framework combined with neural network to enhance the system dynamically over time in the online mode. The proposed technique can effectively handle zero-day phishing attacks. The proposed phishing email detection model was trained, tested and validated in the online mode using an approved dataset. The promising results showed that the DENNuRL can provide an effective means of phishing detection. The proposed model successfully classified and identified approximately 98.6% of phishing emails selected from the test dataset, with low false positive rates of 1.8%. A comparison with other similar techniques using the same dataset shows that the proposed technique outperforms the existing methods.
12
Gajdošík, Andreas. "Open Call." Master's thesis, Vysoké učení technické v Brně. Fakulta výtvarných umění, 2018. http://www.nusl.cz/ntk/nusl-377167.
Full textAbstract:
In diploma thesis Open Call I focus on unequal position of artists in current art world in which, despite the transparent practices like open calls, still persists the cult of name, the power of networking and personal recommendation. This topic I artistically process in form of practical artistic intervention, which is close to the tactics of 1:1 scale of Arte Útil - specifically by creation of software tool called Nomin. Its purpose is to support weakened or marginalized groups of artists. Nomin uses properties of email protocol SMTP to allow its users-spectators to send fake self-recommending emails - from email addresses of famous curators to the inboxes various galleries or other art institutions. During development of program Nomin and its technical background (software documentation, web page etc.) I followed the paradigm of free, libre, open source software (FLOSS) and also the methodology of agile software development in order to provide in this gesamtsoftwerk the users-spectators with fully functional, user-friendly software and give them possibility to influence further development of Nomin or directly participate on it. Created artwork is thus not a single artefact but rather a set of interconnected objects and practices grounded in the network of social bonds and behaviours which balances on the edge of institutional critique, useful art, participatory art and collective performance.
13
Hu, Hang. "Characterizing and Detecting Online Deception via Data-Driven Methods." Diss., Virginia Tech, 2020. http://hdl.handle.net/10919/98575.
Full textAbstract:
In recent years, online deception has become a major threat to information security. Online deception that caused significant consequences is usually spear phishing. Spear-phishing emails come in a very small volume, target a small number of audiences, sometimes impersonate a trusted entity and use very specific content to redirect targets to a phishing website, where the attacker tricks targets sharing their credentials.
In this thesis, we aim at measuring the entire process. Starting from phishing emails, we examine anti-spoofing protocols, analyze email services' policies and warnings towards spoofing emails, and measure the email tracking ecosystem. With phishing websites, we implement a powerful tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis. We also analyze credential sharing on phishing websites, and measure what happens after victims share their credentials. Finally, we discuss potential phishing and privacy concerns on new platforms such as Alexa and Google Assistant.
In the first part of this thesis (Chapter 3), we focus on measuring how email providers detect and handle forged emails. We also try to understand how forged emails can reach user inboxes by deliberately composing emails. Finally, we check how email providers warn users about forged emails. In the second part (Chapter 4), we measure the adoption of anti-spoofing protocols and seek to understand the reasons behind the low adoption rates. In the third part of this thesis (Chapter 5), we observe that a lot of phishing emails use email tracking techniques to track targets. We collect a large dataset of email messages using disposable email services and measure the landscape of email tracking. In the fourth part of this thesis (Chapter 6), we move on to phishing websites. We implement a powerful tool to detect squatting domains and train a machine learning model to classify phishing websites. In the fifth part (Chapter 7), we focus on the credential leaks. More specifically, we measure what happens after the targets' credentials are leaked. We monitor and measure the potential post-phishing exploiting activities. Finally, with new voice platforms such as Alexa becoming more and more popular, we wonder if new phishing and privacy concerns emerge with new platforms. In this part (Chapter 8), we systematically assess the attack surfaces by measuring sensitive applications on voice assistant systems.
My thesis measures important parts of the complete process of online deception. With deeper understandings of phishing attacks, more complete and effective defense mechanisms can be developed to mitigate attacks in various dimensions.Doctor of Philosophy
In recent years, online deception becomes a major threat to information security. The most common form of online deception starts with a phishing email, then redirects targets to a phishing website where the attacker tricks targets sharing their credentials. General phishing emails are relatively easy to recognize from both the target's and the defender's perspective. They are usually from strange addresses, the content is usually very general and they come in a large volume. However, Online deception that caused significant consequences is usually spear phishing. Spear-phishing emails come in a very small volume, target a small number of audiences, sometimes impersonate a trusted entity and use very specific content to redirect targets to a phishing website, where the attacker tricks targets sharing their credentials. Sometimes, attackers use domain impersonation techniques to make the phishing website even more convincing. In this thesis, we measure the entire process. Starting from phishing emails, we examine anti-spoofing protocols, analyze email services' policies and warnings towards spoofing emails, and measure the email tracking ecosystem. With phishing websites, we implement a tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis. We also studied credential sharing on phishing websites. We measure what happens after targets share their credentials. Finally, we analyze potential phishing and privacy concerns on new platforms such as Alexa and Google Assistant.
14
Palla, Srikanth. "A Multi-Variate Analysis of SMTP Paths and Relays to Restrict Spam and Phishing Attacks in Emails." Thesis, University of North Texas, 2006. https://digital.library.unt.edu/ark:/67531/metadc5402/.
Full textAbstract:
The classifier discussed in this thesis considers the path traversed by an email (instead of its content) and reputation of the relays, features inaccessible to spammers. Groups of spammers and individual behaviors of a spammer in a given domain were analyzed to yield association patterns, which were then used to identify similar spammers. Unsolicited and phishing emails were successfully isolated from legitimate emails, using analysis results. Spammers and phishers are also categorized into serial spammers/phishers, recent spammers/phishers, prospective spammers/phishers, and suspects. Legitimate emails and trusted domains are classified into socially close (family members, friends), socially distinct (strangers etc), and opt-outs (resolved false positives and false negatives). Overall this classifier resulted in far less false positives when compared to current filters like SpamAssassin, achieving a 98.65% precision, which is well comparable to the precisions achieved by SPF, DNSRBL blacklists.
15
Bax, Samantha L. K. "The influence of expected benefits and perceived costs on the performance of protective behaviours against email phishing threats." Thesis, Bax, Samantha L.K. (2018) The influence of expected benefits and perceived costs on the performance of protective behaviours against email phishing threats. PhD thesis, Murdoch University, 2018. https://researchrepository.murdoch.edu.au/id/eprint/42410/.
Full textAbstract:
Email phishing is the use of email communications to deceive individuals into providing their personal information to fraudulent versions of legitimate websites. These details can be used for identity theft, and often result in financial loss to the victim of email phishing. This research aims to investigate the reasons why individuals do not perform protective behaviours against email phishing threats. The reasons proposed in this study for not undertaking these behaviours relate to the benefits expected to be gained from not performing these behaviours, and the perceived costs for the actual performance of these behaviours. This research predicts that the benefits expected to be gained from a phishing email would encourage an individual to respond to it and thus, omit to perform the recommended protective behaviours. Furthermore, this research study predicts that the costs perceived to be incurred for the performance of protective behaviours against email phishing threats will discourage an individual from taking these actions. A research model based upon Protection Motivation Theory (PMT) (Rogers, 1983; Rogers & Prentice-Dunn, 1997) was proposed to support this study.
In order to achieve the objectives of this study, a mixed-methods research approach was used involving two phases. The first, qualitative, phase consisted of interviews with participants who could potentially be recipients of phishing emails. This phase aimed to gain a greater understanding of the roles played by the expected benefits and the perceived costs in relation to performing recommended email phishing protective behaviours. The findings of this phase indicated that, consistent with the literature, benefit-related factors including need and greed, compliance with authority, altruism, satisfaction of curiosity and diminishing concerns could potentially encourage individuals to respond to phishing emails. Two additional factors were also identified: automatic behaviour and fear of missing out (FoMO). Consistent with the response costs literature, potential costs in effort, costs in time and financial costs were identified as potentially influencing individuals to not perform protective behaviours against email phishing threats. Two other factors were also identified: costs of mis-identified phish, and loss of trust. The findings from the first phase of the research study were used to inform the development of the questionnaire used in the second phase.
The second phase of the research study tested the proposed research model. A questionnaire data collection method was used, and PLS-SEM was the technique used for data analysis. Of the eight hypotheses proposed, seven were supported. The hypothesis relating to perceived costs negatively influencing the intention to perform protective behaviours against email phishing threats was supported. However, the hypothesis relating to expected benefits negatively influencing the intention to perform protective behaviours against email phishing threats was not supported. Post hoc analysis suggested that expected benefits were instead associated with maladaptive behaviours. More research is required to further explore the relationship between expected benefits and the intentions to perform protective behaviours against email phishing. Furthermore, the relationship between maladaptive behaviours and the intentions to perform protective behaviours may also provide some insight into the undertaking of information security behaviours when there are potential maladaptive rewards available.
This research has contributed to knowledge relating to the mitigation of information security threats, and in particular email phishing. It has identified factors that may encourage individuals to not perform protective behaviours against email phishing threats, and factors that may discourage them from performing these protective behaviours. The outcomes of this research study provide important implications for both research and practice.
16
Tout, Hicham Refaat. "Measuring the Impact of email Headers on the Predictive Accuracy of Machine Learning Techniques." NSUWorks, 2013. http://nsuworks.nova.edu/gscis_etd/325.
Full textAbstract:
The majority of documented phishing attacks have been carried by email, yet few studies have measured the impact of email headers on the predictive accuracy of machine learning techniques in detecting email phishing attacks. Research has shown that the inclusion of a limited subset of email headers as features in training machine learning algorithms to detect phishing attack did increase the predictive accuracy of these learning algorithms. The same research also recommended further investigation of the impact of including an expanded set of email headers on the predictive accuracy of machine learning algorithms.
In addition, research has shown that the cost of misclassifying legitimate emails as phishing attacks--false positives--was far higher than that of misclassifying phishing emails as legitimate--false negatives, while the opposite was true in the case of fraud detection. Consequently, they recommended that cost sensitive measures be taken in order to further improve the weighted predictive accuracy of machine learning algorithms.
Motivated by the potentially high impact of the inclusion of email headers on the predictive accuracy of machines learning algorithms and the significance of enabling cost-sensitive measures as part of the learning process, the goal of this research was to quantify the impact of including an extended set of email headers and to investigate the impact of imposing penalty as part of the learning process on the number of false positives. It was believed that if email headers were included and cost-sensitive measures were taken as part of the learning process, than the overall weighted, predictive accuracy of the machine learning algorithm would be improved. The results showed that adding email headers as features did improve the overall predictive accuracy of machine learning algorithms and that cost-sensitive measure taken as part of the learning process did result in lower false positives.
17
Salem, Omran S. A. "An Integrated Intelligent Approach to Enhance the Security Control of IT Systems. A Proactive Approach to Security Control Using Artificial Fuzzy Logic to Strengthen the Authentication Process and Reduce the Risk of Phishing." Thesis, University of Bradford, 2012. http://hdl.handle.net/10454/14863.
Full textAbstract:
Hacking information systems is continuously on the increase. Social engineering attacks is performed by manipulating the weakest link in the security chain; people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based in Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measures the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook are used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source code and providing an in-line awareness security feedback.
18
Gonzalez, Campos Hector. "A study of phishing emails and their ability to mislead recipients depending on age and education level." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-302416.
Full textAbstract:
Today, virtually every individual with access to an Internet connection also has a personal email address. This has made it easier for companies, for example, to market their products to customers. Company employees also often have access to work emails, where information about upcoming meetings, new tasks, etc. is posted. Up to 45% of today’s email traffic is made up of fraudulent emails that try to trick the recipient into providing personal data or clicking on a web link that then installs malicious software on the computer or mobile phone. This thesis examines how the recipient’s age group and level of education affect their ability to identify fraudulent emails. The results show that this ability decreases significantly with increasing age. In contrast, level of education was not a significant factor affecting this ability.Idag har i princip varje individ med tillgång till en internetuppkoppling även en personlig email adress. Detta har förenklat för exempelvis företag att marknadsföra sina produkter till kunder. Arbetare på företag har ofta även tillgång till jobbmejl där information om kommande möten, nya arbetsuppgifter et cetera. Hela 45% av mejltrafiken idag utgörs av bluffmejl som försöker vilseleda mottagaren till att ge ut personliga uppgifter eller klicka på en webblänk som sedan installerar skadlig mjukvara på dator eller mobiltelefon. Denna avhandling undersöker om en mottagares åldersgrupp och utbildningsnivå påverkar förmågan att identifiera bluffmejl. Resultaten visar att denna förmåga minskar avsevärt när åldern ökar. Utbildningsnivå var däremot inte en särskilt stor faktor i hur förmågan påverkades.
19
Olivo, Cleber Kiel. "Avaliação de características para detecção de phishing de email / Cleber Kiel Olivo ; orientador, Altair Olivo Santin ; co-orientador Luiz Ediardo S. Oliveira." reponame:Biblioteca Digital de Teses e Dissertações da PUC_PR, 2010. http://www.biblioteca.pucpr.br/tede/tde_busca/arquivo.php?codArquivo=1837.
Full textAbstract:
Dissertação (mestrado) - Pontifícia Universidade Católica do Paraná, Curitiba, 2010Bibliografia: p.62-65
Os trabalhos da literatura técnica para detecção de phishing se baseiam somente na taxa de acerto do classificador para justificar a sua eficácia. Aspectos como a confiança dos resultados (verificada pela taxa de falsos positivos), custo computacional par
The proposals of the technical literature for detecting phishing are based only on the success rate of the classifier to justify its effectiveness. Aspects such as reliance of the results (evaluated by the false positive rate), computational effort to ext
20
Pires, Marcos da Silva Neto Abranches. "Development of intelligent tool for phising email detection." Master's thesis, 2017. http://hdl.handle.net/10773/25890.
Full textAbstract:
Emails de Phishing são um tipo de ataque comum na internet que resultam no roubo de informação confidencial de utilizadores como contas bancárias, dados privados, logins pessoais ou de identidade. O objetivo desta tese de mestrado passou por desenvolver uma ferramenta inteligente baseada em abordagens com aprendizagem automática para filtrar este tipo de emails malignos. O projeto foi feito em cooperação com a E-goi, empresa de automação de marketing multicanal. A primeira etapa do projeto foi a de selecionar aspectos característicos dos emails de modo a poder diferenciar entre emails de phishing e normais. O conjunto final destas características foi escolhido depois
de um estudo minucioso da literatura e das necessidades da empresa. O passo seguinte foi a escolha de um algoritmo eficiente para a deteção de emails de phishing. Como a tarefa foi considerada um problema de classificação, vários algoritmos de aprendizagem automática foram testados (SVM, DT, Random Forest, Boosted Trees). Um grande desafio que foi deparado durante o desenvolvimento foi o da falta de dados categorizados, mais especificamente do tipo de phishing. Para tentar contornar o problema, o sistema
de detação de phishing foi construído com ajuda de dados (emails) publicamente disponíveis. De modo a facilitar a implementação de um protótipo na empresa E-goi, foi desenvolvida uma ferramenta web para categorizar a colecionar emails. Este sistema permite a pessoal autorizado da empresa a fazer a categorização on-line de emails adquiridos.Phishing emails are a very common attack on the web, that results in the theft of confidential user information such as bank accounts, private data, personal logins or of identity. The goal of this master thesis was to develop intelligent tools to filter out the emails with such malign intent, based on machine learning approaches. The work was done in close collaboration with a multichannel marketing automation company of name E-goi. The first stage of the project was to select appropriate features able to discriminate between ordinary and phishing emails. The final feature set was chosen after a comprehensive study of the literature and the particular needs of the involved company. The next step was to choose an efficient algorithm for phishing emails detection. Since this task was considered as a classification problem, a number of machine learning classifiers were tested (SVM, DT, Random Forest). A major challenge during development was the lack of sufficient labeled data, particularly regarding the class of phishing emails. To get around this, the phishing detection system was built based on a collection of samples (emails) from different publicly available data sets. In order to facilitate the implementation of the phishing detection prototype in the company E-goi, a web tool was developed to create a home-made labeled data set of emails. This system allows authorized company personnel to label on-line each obtained email.
Mestrado em Engenharia de Computadores e Telemática
21
Tanvir, Tazin. "The Relationship Between Social Persuasion Strategies, Phishing Features and Email Exposure Time on Phishing Susceptibility." Thesis, 2020. http://hdl.handle.net/2440/131305.
Full textAbstract:
This item is only available electronically.A ‘phishing email’ aims to persuade an unsuspecting individual to reveal personal credentials and sensitive information. Currently, the global costs to businesses and individuals associated with phishing related attacks are reported in the hundreds of millions of dollars. While technological interventions capture a proportion of these phishing emails, ultimately, the human user is the last line of defence in determining the legitimacy of the email. ‘Phishers’ aim to exploit human weaknesses through the use of various persuasion strategies that create a sense of urgency and time pressure to respond to emails. Typically, individuals must also rely on subtle phishing features in an email to determine if the email is genuine or an attempted phish. Furthermore, phishers take advantage of the assumption that users determine the legitimacy of emails in a short amount of time. The present study aims to examine the impact of these email characteristics of persuasion strategies, the number of phishing features, and exposure time on phishing detection and susceptibility. Using an online survey platform, participants (N= 136) completed an email sorting task where they were required to review and sort 60 incoming emails from the inbox of ‘Professor Alex Jones’. Several significant results were obtained supporting the hypotheses. It demonstrated that individuals are better able to detect a phishing email when it utilises common persuasion strategies (authority and scarcity), and contain a greater number of phishing features. It also revealed that with increased email exposure time, individuals had a better phishing detection rate. However, the effect of identifying phishing emails with common persuasion strategies was not greater during shorter exposure time, providing a non-significant result. A greater understanding of these email factors associated with phishing susceptibility could lead to more tailored awareness campaigns and/or training programs to increase phishing detection and reduce susceptibility.
Thesis (B.PsychSc(Hons)) -- University of Adelaide, School of Psychology, 2020
22
Tu, Ching-Ming, and 涂慶銘. "Analysis of Phishing Email Title Formula using Latent Semantic Model." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/9hq3fu.
Full textAbstract:
碩士國立高雄應用科技大學
資訊管理系碩士在職專班
104
In this study, we are using Latent Semantic Analysis (LSA) to analyze Phishing email title formulaand apply the results to prevent the Phishing event occurrence. As previous studies have noted, the Phishing email is an information security issue that cannot be ignored. To guard against related attacks, email user’s psychological and educational level must be studied. These users need to be trained and their awareness of possible security risks must be strengthened in order to ensure that organizations or individuals will not be victimized by social engineering. Therefore, this study employs LSA to classify phishing emails, providing email users with information about Phishing attack idiomatic patterns. Email users in the defense forces must be aware of the cyberwarfare battle front and take the appropriate preventive measures. The study found that, using manual classification and LSA results alignment, five of seven categories of Phishing emails shared 60% the same semantic meaning and similar language. Once an individual receives an email, via intuitive judgment of the gist of the message category and this analysis, an email can be identified as a Phishing email instantaneously.
23
Falkenberg, Annastasia. "The Role of Cue Utilisation and Anxiety on Phishing Email Susceptibility." Thesis, 2019. http://hdl.handle.net/2440/128841.
Full textAbstract:
This item is only available electronically.A ‘phishing email’ is an attempt to solicit personal or sensitive information from an unsuspecting user. Phishing emails currently represent a major threat to cybersecurity, and as such, researchers have begun to recognise the importance of identifying various individual differences that might predict phishing email susceptibility. The current study aimed to further understand individual differences and examine the relationship between an individual’s capacity for cue utilisation and levels of state/trait anxiety with phishing email susceptibility. Thirty-two participants completed a lab-based study where they were presented with a series of emails (phishing and genuine) and rated the extent to which they felt it was ‘okay’ to click on a link embedded within the email. Participants were then classified into typologies of cue utilisation and state/trait anxiety. While it was hypothesised that those categorised as having higher cue utilisation would be better able to discriminate between phishing and genuine emails, analyses did not support this prediction. However, it was found that those categorised as having higher levels of trait anxiety were less able to discriminate between phishing and genuine emails compared to their less anxious counterparts. The theoretical findings of the present study could help inform phishing education, training and awareness programs.
Thesis (B.PsychSc(Hons)) -- University of Adelaide, School of Psychology, 2019
24
Gomes, Vanessa Alexandra Nunes. "A engenharia social e os perigos do phishing." Master's thesis, 2019. http://hdl.handle.net/10071/20286.
Full textAbstract:
A Engenharia Social e a técnica do phishing são temas que têm evoluído cada mais ao longo dos anos, principalmente através do email, uma das ferramentas mais utilizadas no mundo. Os emails de phishing normalmente estão relacionadas com Engenharia Social e podem-se propagar através de links e/ou anexos contidos neste tipo de email. O utilizador quando faz download de um anexo, pode estar automaticamente a descarregar software malicioso e dar ao atacante (hacker), o controlo total do computador, sem que se aperceba. Através dos links, o utilizador pode divulgar as suas credenciais ou outro tipo de informação pessoal/confidencial, uma vez que pode não perceber que está a ser redirecionado para um remetente malicioso.
Diversos estudos já realizados indicam que existem cada vez mais ataques deste tipo e cada vez com mais impacto na população. Por seu lado, a população não está ciente dos perigos que poderá encontrar ao carregar neste tipo de emails ou noutra forma de propagação de phishing.
A presente dissertação aborda o tema do phishing através do email e pretende definir métodos de prevenção para este tipo de crime informático. Numa primeira fase foram realizadas entrevistas a profissionais da área de Segurança Informática, com intuito de perceber mais sobre este tema. Posteriormente, realizou-se um questionário online, de forma a averiguar o conhecimento dos inquiridos em relação a este tema e identificar medidas que são usadas por eles antes e após um ataque informático. No final serão feitas as conclusões de forma a atingir os objetivos desta investigação.Social Engineering and phishing technique are subjects that have been evolving as the years pass, mainly through email, which is one of the most used communication tools in the world. Phishing emails are usually related to Social Engineering and can be propagated through links and/or attachments contained in this type of email. When downloading an attachment, the user can automatically activate the malicious software and allow the attacker (hacker), the complete control of the computer, without being aware of it. Through the links, you may disclose your credentials or other personal/confidential information, as you may not notice that you are being redirected to a malicious sender. Several studies already carried out indicate that there are more and more attacks of this kind and with increasing impact on the population. On the other hand, the population is not aware of the dangers they may encounter when uploading this type of emails or other form of phishing propagation. The present dissertation addresses the theme of phishing through email and aims to define prevention methods for this type of computer crime. Initially, interviews were conducted professionals in the area of Computer Security, in order to understand more about this topic. Subsequently, an online questionnaire was conducted to ascertain the respondents' knowledge of this topic and to identify measures that are used by them before and after a computer attack. In the end the conclusions will be made in order to reach the objectives of this investigation.
25
Plate, Oliver. "The Role of Time Pressure, Cue Utilisation, and Information Security Awareness on Phishing Email Susceptibility." Thesis, 2020. http://hdl.handle.net/2440/131226.
Full textAbstract:
This item is only available electronically.Phishing emails are emails which attempt to solicit sensitive information from unsuspecting users. Phishing represents a major threat to information security. To develop interventions aimed at reducing phishing susceptibility, an understanding of how emails are evaluated to determine their legitimacy, and individual differences that may predict phishing email susceptibility is required. The current study aims to examine the relationship between phishing susceptibility and time pressure, along with individual differences in cue utilisation and information security awareness (ISA). In an online study, 127 participants were randomly assigned to either a 7-second or 15-second time condition and were presented with 60 emails (40 genuine and 20 phishing). Emails were presented one at a time for the duration corresponding with each participant’s time condition. Participants were required to sort each email into one of ten categories. The ‘phishing’ category was considered a hit when chosen following a phishing email, and a false alarm when following a genuine email. Participants also completed an assessment of cue utilisation in the domain of phishing, and the Human Aspects of Information Security Questionnaire (HAIS-Q). Statistical analyses revealed that a higher level of cue utilisation, a shorter email exposure duration and higher ISA resulted in reduced ability to differentiate between phishing and genuine emails. Furthermore, a positive correlation was found between cue utilisation and ISA, however, there was no interaction between time pressure and cue utilisation on phishing susceptibility. This study’s outcomes may aid in the development of training and education programs aimed at reducing phishing susceptibility.
Thesis (B.PsychSc(Hons)) -- University of Adelaide, School of Psychology, 2020
26
LEE, KANG, and 李綱. "A Study of the Effectiveness of the Social Engineering Prevention Based on Phishing Emails." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/4e88e9.
Full textAbstract:
碩士國防大學
網路安全碩士班
107
In 2016, the ATM stealing case of First Bank shocked the society. This financial crime has changed a lot. It is no longer by force, but by the use of the Internet. There are many kinds of cyber attacks. Social Engineering attacks are the lowest threshold. They mainly use interpersonal relationships, human weaknesses, and no need for professional techniques. Social Engineering attacks are divided into multiple ways. This study focuses on the analysis of the attack effectiveness of phishing emails to corporate employees. We hope that through social engineering exercises and a series of protective actions, the number of times that users open the Phishing Emails by mistake can be reduced. As a result, we can achieve the purpose of protecting corporate safety, preventing the leakage of capital information and reducing operational risks. This study conducted four Social Engineering exercises through employee questionnaires, Phishing Email design, data analysis, security education propaganda, and enhanced email warnings. The research results showed the risk degree of corporate employees being attacked and the high and low risk types of Phishing Emails. The effect of prevention and control under administrative means and technical means are also presented in this work. Keywords: Social Engineering, Phishing Emails, Email Warnings