To see the other types of publications on this topic, follow the link: Phising email.
Journal articles on the topic 'Phising email'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Phising email.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Putra Y, Vikran Fasyadhiyaksa. "Modus Operandi Tindak Pidana Phising Menurut UU ITE." Jurist-Diction 4, no. 6 (November 5, 2021): 2525. http://dx.doi.org/10.20473/jd.v4i6.31857.
Full textAbstract:
AbstractPhishing is an act to commit fraud by tricking the target with the intention of stealing the target's account, by spreading broadcasts which are often carried out through fake emails with fake information that directs the target to a fake page to trap the target so that the perpetrator gets access to the victim's account. Phishing still has some obscurity, especially in the modus operandi of the perpetrator. Therefore, this research aims to analyze and explain the modus operandi of the criminal act of phishing according to the ITE Law. This research is a normative legal research. Because the writing of this research in seeking the truth in order to answer legal issues raised by the author uses secondary data to find legal rules, legal principles, and legal doctrines, and tends to image law as a perspective discipline, which means that only see the law from the point of view of the norms only, which of course is prescriptive. This approach uses a statute approach, a conceptual approach and a case approach.Keywords: Phishing Crime; Cyber; Operandi Mode.AbstrakPhising adalah suatu perbuatan untuk melakukan penipuan dengan mengelabui target dengan maksud untuk mencuri akun target, dengan cara menyebarkan broadcast yang seringkali dilakukan melalui email palsu dengan muatan informasi palsu yang mengarahkan target ke halaman palsu untuk menjebak target sehingga pelaku mendapatkan akses terhadap akun korban, Secara ringkas Perbuatan phising masih memiliki beberapa kekaburan terutama pada modus operandi pelaku. Oleh karena itulah penelitian ini bertujuan untuk menganalisis dan menjelaskan terkait modus operandi Tindak pidana Phising menurut UU ITE. Penelitian ini merupakan penelitian hukum normatif. Karena penelitian ini dalam mencari kebenaran guna menjawab isu hukum yang diangkat penulis menggunakan data sekunder untuk menemukan suatu aturan-aturan hukum, prinsip-prinsip hukum, maupun doktrin-doktrin hukum, dan cenderung mencitrakan hukum sebagai disiplin prespektif, yang berarti hanya melihat hukum dari sudut pandang norma-normanya saja, yang tentunya bersifat preskriptif. Pendekatan ini menggunakan pendekatan undang-undang (statute approach), pendekatan konseptual (conceptual approach) dan pendekatan kasus (case approach). Kata Kunci: Tindak Pidana Phising; Siber; Modus Operandi.
2
Irawan, Dedi. "MENCURI INFORMASI PENTING DENGAN MENGAMBIL ALIH AKUN FACEBOOK DENGAN METODE PHISING." JIKI (Jurnal llmu Komputer & lnformatika) 1, no. 1 (July 6, 2020): 43–46. http://dx.doi.org/10.24127/jiki.v1i1.671.
Full textAbstract:
Phising bisa dikatakan mencuri informasi penting dengan mengambil alih akun korban untuk maksudtertentu. Kata lain dari Phising adalah Password Harvesting yang artinya sebuah tindakan kejahatanuntuk memancing mengumpulkan password. Tindakan Phising ini adalah mengarahkan penggunauntuk memasukkan data akun seperti username dan password di sebuah website palsu (fake webpage).Hebatnya lagi website Phising akan didesain dengan tampilan serta nuansa yang menyerupai situsaslinya (spoofed webpage). Misal seperti logo, alamat domain dan seterusnya. Sehingga jika tidakcermat mengamati, mereka yang menjadi target penjahat siber akan memberikan informasi merekaseperti username, password dan informasi penting lainnya secara sukarela. Salah satu metode palingumum yang digunakan untuk mendapatkan informasi terkait akun adalah metode "phising". Metodeini digunakan untuk menipu pengguna agar menyerahkan data mereka secara suka rela. Fake Webpagememang masih digunakan untuk mendapatkan akun social media seperti facebook. Hal tersebut karenapembuatan nya yang sangat mudah dan tingkat keberhasilan nya yang masih tinggi. Cara kerjanyaadalah dengan mengirimkan tautan (link) phising facebook di media social atau langsungmengirimkan link tersebut ke target. Bagi pengguna awam, mengira bahwa itu adalah situs webfacebook yang asli sehingga memasukkan username dan password, situs web sedang mengirimkaninformasi yang diterima dari pengguna seperti user name dan pasword ini ke pelaku, yaitu hacker.Setelah pelaku mendapatkan user name, email dan password korban maka akun korban akandigunakan untuk hal yang tidak baik.
3
Aminudin, Aminudin, and Eko Budi Cahyono. "KORELASI TIME TO LIVE TERHADAP QUERY TIDAK NORMAL PADA DNS MENGGUNAKAN BINARY LOGISTIC REGRESSION." JURTEKSI (Jurnal Teknologi dan Sistem Informasi) 7, no. 2 (April 1, 2021): 143–50. http://dx.doi.org/10.33330/jurteksi.v7i2.924.
Full textAbstract:
Abstract: DNS plays a vital role in the operation of services on the internet. Almost all services on the internet are under DNS control, such as email, FTP, web apps, etc. So, it is not surprising that various malicious activities involve DNS services such as financial fraud, phishing, malware, and malicious activity, etc. Fortunately, in DNS there is a record with the name time to live which can be used to detect a query or the address accessed from the user is a normal query or an abnormal query. Therefore, the purpose of this study is to determine the correlation value between time to live and abnormal queries on passive DNS data using the Binary Logistic Regression model. The results showed that the Binary Logistic Regression method could model the correlation between TTL, elapsed, and bytes which have an optimal model F1 Score of 0.9997 and also have a condition close to the ideal state by using the Precision-Recall Curve (PRC) graph plot. Keywords: Binary Logistic Regression; DNS Passive; Precision-Recall Curve (PRC); Query Abnormal Abstrak: DNS memegang peranan yang vital di dalam berjalanya service di internet. Hampir seluruh layanan di internet berada di bawah kendali DNS seperti email, ftp, app web dll. Jadi, tidak mengherankan bahwa berbagai kegiatan jahat melibatkan layanan DNS seperti financial fraud, phising, malware dan aktivitas malicious dll. Untungnya, di dalam DNS tersimpan sebuah record dengan nama time to live yang dapat digunakan untuk mendeteksi sebuah query atau alamat yang diakses dari user tersebut bersifat query normal atau query tidak normal. Oleh karena itu, tujuan penelitian ini adalah untuk mengetahui nilai korelasi antara time to live dengan query tidak normal pada data passive DNS dengan menggunakan model Binary Logistic Regression. Hasil penelitian menunjukkan bahwa metode Binary Logistic Regression dapat memodelkan korelasi antara TTL, elapsed dan bytes yang memiliki model optimal F1 Score sebesar 0.9997 dan juga memiliki kondisi hampir mendekati keadaan ideal dengan menggunakan plot grafik Precision Recall Curve (PRC). Kata kunci: Binary Logistic Regression; DNS Passive; Precision-Recall Curve (PRC); Query Abnormal
4
Singh, Kuldeep, Palvi Aggarwal, Prashanth Rajivan, and Cleotilde Gonzalez. "What makes phishing emails hard for humans to detect?" Proceedings of the Human Factors and Ergonomics Society Annual Meeting 64, no. 1 (December 2020): 431–35. http://dx.doi.org/10.1177/1071181320641097.
Full textAbstract:
This research investigates the email features that make a phishing email difficult to detect by humans. We use an existing data set of phishing and ham emails and expand that data set by collecting annotations of the features that make the emails phishing. Using the new, annotated data set, we perform cluster analyses to identify the categories of emails and their attributes. We then analyze the accuracy of detection in each category. Our results indicate that the similarity of the features of phishing emails to benign emails, play a critical role in the accuracy of detection. The phishing emails that are most similar to ham emails had the lowest accuracy while the phishing emails that were most dissimilar to the ham emails were detected more accurately. Regression models reveal the contribution of phishing email’s features to phishing detection accuracy. We discuss the implications of these results to theory and practice.
5
Yustitiana, Rhesita. "Pelaksanaan Pengaturan Hukum Tindak Kejahatan “Fraud Phising” Transaksi Elektronik sebagai Bagian dari Upaya Penegakan Hukum di Indonesia Dikaitkan dengan Teori Efektivitas Hukum [Implementation of the Criminal Act of Fraud Phising of Electronic Transaction as Part of the Law Enforcement Effort in Indonesia in Regard to the Effectiveness of Law Theory]." Jurnal Hukum Visio Justisia 1, no. 1 (July 31, 2021): 98. http://dx.doi.org/10.19166/vj.v1i1.3802.
Full textAbstract:
<p><em>Fraud phishing is a criminal act of electronic fraud that is conducted through false email addresses or websites with the intention to obtain private data of targets which leads to material or immaterial damages, not only felt by the targets but also by institutions related to criminal act fraud phishing on electronic transaction. Basically, Indonesia has proposed regulations related to the criminal act fraud phishing in electronic transaction. But, these regulations are not yet sufficient to decrease the number of Fraud Phishing cases in electronic transactions. Based on these problems, the Author argue that there is still a need to assess the legal arrangements for the crime of fraud phishing in electronic transactions, as well as the implementation of legal arrangements for electronic transactions fraud phishing as part of law enforcement efforts based on the theory of the effectiveness of law. This research uses two methods of legal research, which are normative and empirical legal research. The result of this research shows that Indonesia have 4 regulations about fraud phishing in electronic transactions, namely Law Number 11 of Year 2008 on Information and Electronic Transactions amended by Law Number 19 of Year 2016, Law Number 82 of Year 2012 on Electronic System and Transaction Electronic, the Indonesian Penal Code and Law Number 7 of Year 1992 on Banking amended by Law Number 10 of Year 1998, and the implementation of the regulations is still not effective if assessed using the theory of the effectiveness of law.</em></p><p><strong>Bahasa Indonesia Abstrak: </strong><em>Fraud Phishing</em> adalah tindak kejahatan penipuan elektronik yang dilakukan melalui perantara email atau website palsu dengan tujuan untuk mendapatkan data pribadi calon korban, hal ini berdampak pada kerugian material atau immateril yang tidak hanya dirasakan oleh korban melainkan juga oleh lembaga yang terkait dengan tindak kejahatan <em>fraud phis</em><em>h</em><em>ing</em> transaksi elektronik tersebut. Indonesia pada dasarnya telah menjajaki untuk memiliki peraturan terkait dengan penyelesaian tindak kejahatan <em>fraud phis</em><em>h</em><em>ing</em> transaksi elektronik. Namun, ketentuan yang ada tersebut dirasa belum cukup untuk mengurangi jumlah kasus <em>fraud phishing</em> dalam transaksi elektronik. Berdasarkan permasalahan tersebut Penulis berpendapat bahwa masih perlu pengkajian kembali terhadap pengaturan hukum tindak kejahatan<em> fraud phis</em><em>h</em><em>ing </em>transaksi elektronik, serta pelaksanaan pengaturan hukum tindak kejahatan <em>fraud phis</em><em>h</em><em>ing</em> transaksi elektronik sebagai bagian dari upaya penegakan hukum berdasarkan teori efektivitas hukum. Penelitian ini menggunakan metode penelitian hukum yaitu penelitian hukum yuridis normatif yang dibantu dengan pendekatan data empiris. Hasil penelitian ini menunjukkan bahwa Indonesia telah memiliki 4 pengaturan hukum terkait <em>fraud phis</em><em>h</em><em>ing</em> transaksi elektronik yaitu Undang-Undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik diubah dengan Undang-Undang Nomor 19 Tahun 2016, Peraturan Pemerintah Nomor Peraturan Pemerintah Nomor 82 Tahun 2012 tentang Penyelenggaraan Sistem dan Transaksi Elektronik, KUHP Indonesia dan Undang-Undang Nomor 7 Tahun 1992 tentang Perbankan diubah dengan Undang-Undang Nomor 10 Tahun 1998, serta dalam pelaksanaan pengaturan hukum tersebut masih dinilai belum efektif jika dikaji dengan menggunakan teori efektivitas hukum </p>
6
Bullee, Jan-Willem, Lorena Montoya, Marianne Junger, and Pieter Hartel. "Spear phishing in organisations explained." Information & Computer Security 25, no. 5 (November 13, 2017): 593–613. http://dx.doi.org/10.1108/ics-03-2017-0009.
Full textAbstract:
Purpose The purpose of this study is to explore how the opening phrase of a phishing email influences the action taken by the recipient. Design/methodology/approach Two types of phishing emails were sent to 593 employees, who were asked to provide personally identifiable information (PII). A personalised spear phishing email opening was randomly used in half of the emails. Findings Nineteen per cent of the employees provided their PII in a general phishing email, compared to 29 per cent in the spear phishing condition. Employees having a high power distance cultural background were more likely to provide their PII, compared to those with a low one. There was no effect of age on providing the PII requested when the recipient’s years of service within the organisation is taken into account. Practical implications This research shows that success is higher when the opening sentence of a phishing email is personalised. The resulting model explains victimisation by phishing emails well, and it would allow practitioners to focus awareness campaigns to maximise their effect. Originality/value The innovative aspect relates to explaining spear phishing using four socio-demographic variables.
7
Nmachi, Wosah Peace, and Thomas Win. "Phishing Mitigation Techniques: A Literature Survey." International Journal of Network Security & Its Applications 13, no. 2 (March 31, 2021): 63–72. http://dx.doi.org/10.5121/ijnsa.2021.13205.
Full textAbstract:
Email is a channel of communication which isconsideredto be a confidential medium of communication for exchange of information among individuals and organisations. The confidentiality consideration about email is no longer the case as attackers send malicious emails to users to deceive them into disclosing their private personal information such as username, password, and bank card details, etc. In search of a solution to combat phishing cybercrime attacks, different approaches have been developed. However, the traditional exiting solutions have beenlimited in assisting email users to identify phishing emails from legitimate ones. This paper reveals the different email and website phishing solutions in phishing attack detection. It first provides a literature analysis of different existing phishing mitigation approaches. It then provides a discussion on the limitations of the techniques, before concluding with anexplorationintohow phishing detection can be improved.
8
Burita, Ladislav, Ivo Klaban, and Tomas Racil. "Education and Training Against Threat of Phishing Emails." International Conference on Cyber Warfare and Security 17, no. 1 (March 2, 2022): 7–18. http://dx.doi.org/10.34190/iccws.17.1.28.
Full textAbstract:
The research results published in this article are oriented toward two areas: phishing email analysis and education for defense against the threats of phishing emails. The first topic builds on previous research primarily by analyzing changes in captured phishing emails over an interval of 4 weeks, half a year after the previous experiment. In this section, a statistical survey of phishing emails from both experiments is carried out and emails are segmented into categories focused on business, charity, asset transfer, and fund offers. The results of both experiments are then compared and validated. Based on this comparison and validation, a conclusion is made on trends and development in the phishing email domain in the last half a year. The second focus of our research is analysis of the existing education and testing systems for phishing emails. Based on the results of the analysis, a suitable system for university education and training against phishing and other malicious email threats will be designed. There is also an analysis of existing systems for improving and testing users' ability to recognize and react to phishing emails. Based on our findings about these systems, our own system is proposed. An experiment is prepared on "self-service" testing of phishing email detection skills performed by students with their colleagues. Some activists were employed to assist with this experiment; they will operate and prepare the environment according to the processed scenario. All experiments must be completely safe and effective at the same time. The experiments will be evaluated and the experience used to develop the education and training system at the university.
9
Rastenis, Justinas, Simona Ramanauskaitė, Ivan Suzdalev, Kornelija Tunaitytė, Justinas Janulevičius, and Antanas Čenys. "Multi-Language Spam/Phishing Classification by Email Body Text: Toward Automated Security Incident Investigation." Electronics 10, no. 6 (March 12, 2021): 668. http://dx.doi.org/10.3390/electronics10060668.
Full textAbstract:
Spamming and phishing are two types of emailing that are annoying and unwanted, differing by the potential threat and impact to the user. Automated classification of these categories can increase the users’ awareness as well as to be used for incident investigation prioritization or automated fact gathering. However, currently there are no scientific papers focusing on email classification concerning these two categories of spam and phishing emails. Therefore this paper presents a solution, based on email message body text automated classification into spam and phishing emails. We apply the proposed solution for email classification, written in three languages: English, Russian, and Lithuanian. As most public email datasets almost exclusively collect English emails, we investigate the suitability of automated dataset translation to adapt it to email classification, written in other languages. Experiments on public dataset usage limitations for a specific organization are executed in this paper to evaluate the need of dataset updates for more accurate classification results.
10
Welk, Allaire K., Kyung Wha Hong, Olga A. Zielinska, Rucha Tembe, Emerson Murphy-Hill, and Christopher B. Mayhorn. "Will the “Phisher-Men” Reel You In?" International Journal of Cyber Behavior, Psychology and Learning 5, no. 4 (October 2015): 1–17. http://dx.doi.org/10.4018/ijcbpl.2015100101.
Full textAbstract:
Phishing is an act of technology-based deception that targets individuals to obtain information. To minimize the number of phishing attacks, factors that influence the ability to identify phishing attempts must be examined. The present study aimed to determine how individual differences relate to performance on a phishing task. Undergraduate students completed a questionnaire designed to assess impulsivity, trust, personality characteristics, and Internet/security habits. Participants performed an email task where they had to discriminate between legitimate emails and phishing attempts. Researchers assessed performance in terms of correctly identifying all email types (overall accuracy) as well as accuracy in identifying phishing emails (phishing accuracy). Results indicated that overall and phishing accuracy each possessed unique trust, personality, and impulsivity predictors, but shared one significant behavioral predictor. These results present distinct predictors of phishing susceptibility that should be incorporated in the development of anti-phishing technology and training.
11
Verma, Priyanka, Anjali Goyal, and Yogita Gigras. "Email phishing: text classification using natural language processing." Computer Science and Information Technologies 1, no. 1 (May 1, 2020): 1–12. http://dx.doi.org/10.11591/csit.v1i1.p1-12.
Full textAbstract:
Phishing is networked theft in which the main motive of phishers is to steal any person’s private information, its financial details like account number, credit card details, login information, payment mode information by creating and developing a fake page or a fake web site, which look completely authentic and genuine. Nowadays email phishing has become a big threat to all, and is increasing day by day. Moreover detection of phishing emails have been considered an important research issue as phishing emails have been increasing day by day. Various techniques have been introduced and applied to deal with such a big issue. The major objective of this research paper is giving a detailed description on the classification of phishing emails using the natural language processing concepts. NLP (natural language processing) concepts have been applied for the classification of emails, along with that accuracy rate of various classifiers have been calculated. The paper is presented in four sections. An introduction about phishing its types, its history, statistics, life cycle, motivation for phishers and working of email phishing have been discussed in the first section. The second section covers various technologies of phishing- email phishing and also description of evaluation metrics. An overview of the various proposed solutions and work done by researchers in this field in form of literature review has been presented in the third section. The solution approach and the obtained results have been defined in the fourth section giving a detailed description about NLP concepts and working procedure.
12
Cooper, Molly, Yair Levy, Ling Wang, and Laurie Dringus. "Subject matter experts’ feedback on a prototype development of an audio, visual, and haptic phishing email alert system." Online Journal of Applied Knowledge Management 8, no. 2 (December 29, 2020): 107–21. http://dx.doi.org/10.36965/ojakm.2020.8(2)107-121.
Full textAbstract:
Phishing emails, also defined as email spam messages, present a threat to both personal and organizational data loss. About 93% of cybersecurity incidents are due to phishing and/or social engineering. Users are continuing to click on phishing links in emails even after phishing awareness training. Thus, it appears that there is a strong need for creative ways to alert and warn users to signs of phishing in emails. ‘System 2 Thinking Mode’ (S2) describes an individual in a more aware state of mind when making important decisions. Ways to trigger S2 include audio alerts, visual alerts, and haptic/vibrations. Assisting the user in noticing signs of phishing in emails could possibly be studied through the delivery of audio, visual, and haptic (vibration) alerts and warnings. This study outlines the empirical results from 32 Subject Matter Experts (SMEs) on an initial prototype design and development of an email phishing alert and warning system. The prototype will be developed to alert and warn users to the signs of phishing in emails in an attempt to switch them to an S2 state of mind. The preliminary results of the SMEs indicated that several features for a phishing alert and warning system could be assembled, resulting in a mobile phishing alert and warning prototype. Visual icons were chosen for each sign of phishing used in the prototype, as well as voice over warnings and haptic vibrations. The preliminary results also determined task measurements, ‘ability to notice’, and ‘time to notice’ signs of phishing in emails.
13
Tornblad, McKenna K., Miriam E. Armstrong, Keith S. Jones, and Akbar Siami Namin. "Unrealistic Promises and Urgent Wording Differently Affect Suspicion of Phishing and Legitimate Emails." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 65, no. 1 (September 2021): 363–67. http://dx.doi.org/10.1177/1071181321651277.
Full textAbstract:
Phishing emails have certain characteristics, including wording related to urgency and unrealistic promises (i.e., “too good to be true”), that attempt to lure victims. To test whether these characteristics affected users’ suspiciousness of emails, users participated in a phishing judgment task in which we manipulated 1) email type (legitimate, phishing), 2) consequence amount (small, medium, large), 3) consequence type (gain, loss), and 4) urgency (present, absent). We predicted users would be most suspicious of phishing emails that were urgent and offered large gains. Results supporting the hypotheses indicate that users were more suspicious of phishing emails with a gain consequence type or large consequence amount. However, urgency was not a significant predictor of suspiciousness for phishing emails, but was for legitimate emails. These results have important cybersecurity-related implications for penetration testing and user training.
14
R, Gokul, and Felix M. Philip. "Phishing Detection." YMER Digital 21, no. 06 (June 15, 2022): 405–12. http://dx.doi.org/10.37896/ymer21.06/39.
Full textAbstract:
The phishing email is one of the significant threats in the world today and has caused tremendous financial losses. Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. Although the methods of confrontation are continually being updated, the results of those methods are not very satisfactory at present. Moreover, phishing emails are growing at an alarming rate in recent years. Therefore, more effective phishing detection technology is needed to curb the threat of phishing emails. So There are many ways to detect these phishing mails nowadays using Machine Learning. so using the phishing mail detector where these links could be tested and then predicted and to detect whether it is a spam or not. Keywords: Phishing mail, Social engineering, Machine learning
15
Mhaske-Dhamdhere, Vidya, and Sandeep Vanjale. "A novel approach for phishing emails real time classifica-tion using k-means algorithm." International Journal of Engineering & Technology 7, no. 1.2 (December 28, 2017): 96. http://dx.doi.org/10.14419/ijet.v7i1.2.9018.
Full textAbstract:
The dangers phishing becomes considerably bigger problem in online networking, for example, Facebook, twitter and Google+. The phishing is normally completed by email mocking or texting and it frequently guides client to enter points of interest at a phony sites whose look and feel are practically indistinguishable to the honest to goodness. Non-technical user resists learning of anti-phishing technic. Also not permanently remember phishing learning. Software solutions such as authentication and security warnings are still depending on end user action.In this paper we are mainly focus on a novel approach of real time phishing email classification using K-means algorithm. For this we uses 160 emails of last year computer engineering students. we get True positive of legitimate and phishing as 67% and 80% and true negative is 30 % and 20%.,which is very high so we ask same users reasons which I mainly categories into three categories ,look and feel of email, email technical parameters, and email structure.
16
Kavitha, T., G. Vaishnavi, M. Ramyashree, and Charanjeet Kaur. "Phishing Email Detection Using Improved RCNN with Multilevel Vectors and Attention Mechanism." International Journal for Research in Applied Science and Engineering Technology 10, no. 9 (September 30, 2022): 1301–4. http://dx.doi.org/10.22214/ijraset.2022.46812.
Full textAbstract:
Abstract: The Phishing emails are the common threats in the present world which leads to the financial losses and stealing the sensitive information like credit card details, username and password etc. Due to increase in the rate of phishing emails there is a need to introduce the effective phishing detection technology. In order to detect the phishing emails many methods, techniques and technologies are introduced .Improved RCNN with multilevel vectors and attention mechanism is one such technology. Firstly, the email structure is analyzed and then by using RCNN model with multilevel vectors ,attention mechanism phishing content is detected .we introduce noise to test the effectiveness.
17
Lawson, Patrick, Olga Zielinska, Carl Pearson, and Christopher B. Mayhorn. "Interaction of Personality and Persuasion Tactics in Email Phishing Attacks." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 61, no. 1 (September 2017): 1331–33. http://dx.doi.org/10.1177/1541931213601815.
Full textAbstract:
Phishing is a social engineering tactic where a malicious actor impersonates a trustworthy third party with the intention of tricking the user into divulging sensitive information. Previous social engineering research has shown an interaction between personality and the persuasion principle used. This study was conducted to investigate whether this interaction is present in the realm of email phishing. To investigate this, we used a personality inventory and an email identification task (phishing or legitimate). The emails used in the identification task utilize four of Cialdini’s persuasion principles. Our data confirms previous findings that high extroversion is predictive of increased susceptibility to phishing attacks. In addition, we identify multiple interactions between personality and specific persuasion principles. We also report the overarching efficacy of various persuasion principles on phishing email identification accuracy.
18
Vishwanath, Arun, Brynne Harrison, and Yu Jie Ng. "Suspicion, Cognition, and Automaticity Model of Phishing Susceptibility." Communication Research 45, no. 8 (February 10, 2016): 1146–66. http://dx.doi.org/10.1177/0093650215627483.
Full textAbstract:
Social-psychological research on phishing has implicated ineffective cognitive processing as the key reason for individual victimization. Interventions have consequently focused on training individuals to better detect deceptive emails. Evidence, however, points to individuals sinking into patterns of email usage that within a short period of time results in an attenuation of the training effects. Thus, individual email habits appear to be another predictor of their phishing susceptibility. To comprehensively account for all these influences, we built a model that accounts for the cognitive, preconscious, and automatic processes that potentially leads to phishing-based deception. The resultant suspicion, cognition, and automaticity model (SCAM) was tested using two experimental studies in which participants were subjected to different types of email-based phishing attacks.
19
Naswir, Ahmad Fadhil, and Lailatul Qadri Zakaria. "THE EFFECTIVENESS OF URL FEATURES ON PHISHING EMAILS CLASSIFICATION USING MACHINE LEARNING APPROACH." Asia-Pacific Journal of Information Technology and Multimedia 11, no. 02 (December 2022): 49–58. http://dx.doi.org/10.17576/apjitm-2022-1102-04.
Full textAbstract:
Phishing email classification requires features so that the performance obtained produces good accuracy. One of the reasons for the lack of development of models for detecting phishing emails is the complexity of the feature selection. Feature selection is one of the essential parts of getting a good classification result, commonly used features are header, body, and Uniform Resource Locator (URL). Besides the email body text content, the URL is one of the leading indicators that the phishing attack successfully happened. The URL is commonly located on the body of the phishing email to get the victim's attention. It will redirect the victim to a fake website to obtain personal information from the victim. There is a lack of information about how the URL features affect the phishing email classification results. Therefore, this work focuses on using URL features to determine whether an email is phishing or legitimate using machine learning approaches. Two public datasets used in this work are the Online Phishing Corpus and Enron Corpus. The URL features are extracted using the Beautiful Soup library. Two machine learning classifiers used in this work are Support Vector Machine (SVM) and Artificial Neural Network (ANN). The experiments were divided into two based on features used in the classifiers. The first experiment used raw email data with URL features, while the second only used raw email data. The first experiment shows higher accuracy in both classifiers, SVM and ANN. Hence, this research proves that the impact of selecting URL features will increase the performance of the classification.
20
Akinyelu, Andronicus A., and Aderemi O. Adewumi. "Classification of Phishing Email Using Random Forest Machine Learning Technique." Journal of Applied Mathematics 2014 (2014): 1–6. http://dx.doi.org/10.1155/2014/425731.
Full textAbstract:
Phishing is one of the major challenges faced by the world of e-commerce today. Thanks to phishing attacks, billions of dollars have been lost by many companies and individuals. In 2012, an online report put the loss due to phishing attack at about $1.5 billion. This global impact of phishing attacks will continue to be on the increase and thus requires more efficient phishing detection techniques to curb the menace. This paper investigates and reports the use of random forest machine learning algorithm in classification of phishing attacks, with the major objective of developing an improved phishing email classifier with better prediction accuracy and fewer numbers of features. From a dataset consisting of 2000 phishing and ham emails, a set of prominent phishing email features (identified from the literature) were extracted and used by the machine learning algorithm with a resulting classification accuracy of 99.7% and low false negative (FN) and false positive (FP) rates.
21
Anandpara, Rahul. "Secured Mail Transformation System Using Machine Learnin." International Journal for Research in Applied Science and Engineering Technology 9, no. VII (July 20, 2021): 1880–86. http://dx.doi.org/10.22214/ijraset.2021.36764.
Full textAbstract:
Today, Email Spam has become a major problem, with Rapid increament of internet users, Email spams is also increasing. People are using email spam for illegal and unethical conducts, phishing and fraud. Sending malicious link through spam emails which can damage the system and can also seek in into your system. Spammer creates a fake profile and email account which is easier for them. These spammers target those peoples who are not aware about frauds. So there is a need to identify the fraud in terms of spam emails. In this paper we will identify the spam by using machine learning algorithms.
22
Iswanto, Hery, Erni Seniwati, Yuli Astuti, and Dina Maulina. "Comparison of Algorithms on Machine Learning For Spam Email Classification." IJISTECH (International Journal of Information System and Technology) 5, no. 4 (December 30, 2021): 446. http://dx.doi.org/10.30645/ijistech.v5i4.164.
Full textAbstract:
The rapid development of email use and the convenience provided make email as the most frequently used means of communication. Along with its development, many parties are abusing the use of email as a means of advertising promotion, phishing and sending other unimportant emails. This information is called spam email. One of the efforts in overcoming the problem of spam emails is by filtering techniques based on the content of the email. In the first study related to the classification of spam emails, the Naïve Bayes method is the most commonly used method. Therefore, in this study researchers will add Random Forest and K-Nearest Neighbor (KNN) methods to make comparisons in order to find which methods have better accuracy in classifying spam emails. Based on the results of the trial, the application of Naïve bayes classification algorithm in the classification of spam emails resulted in accuracy of 83.5%, Random Forest 83.5% and KNN 82.75%
23
Priestman, Ward, Tony Anstis, Isabel G. Sebire, Shankar Sridharan, and Neil J. Sebire. "Phishing in healthcare organisations: threats, mitigation and approaches." BMJ Health & Care Informatics 26, no. 1 (September 2019): e100031. http://dx.doi.org/10.1136/bmjhci-2019-100031.
Full textAbstract:
IntroductionHealthcare data have significant value as a potential target for hackers. Phishing is a method of exploitation for malicious reasons using targeted communications (email/messaging). This study reports on an internal evaluation targeting hospital staff and summarises peer-reviewed literature regarding phishing and healthcare.MethodsAn assessment was performed as part of cybersecurity activity during a designated test period using multiple credential harvesting approaches through staff email. We also searched the medical-related literature to identify relevant phishing-related publications.ResultsDuring the 1-month testing period, the organisation received 858 200 emails: 139 400 (16%) marketing, 18 871 (2%) identified as potential threats. Of 143 million internet transactions, around 5 million (3%) were suspected threats. 468 employee email addresses were identified from public data and targeted through phishing using a range of payloads including attachments and malicious links; however, no credentials were recovered or malicious files downloaded. Several hospital employees were, however, identified on social media profiles, including some tricked into accepting false friend requests.DiscussionHealthcare organisations are increasingly moving to digital systems, but healthcare professionals have limited awareness of threats. Increasing emphasis on ‘cyberhygiene’ and information governance through mandatory training increases understanding of these risks. While no credentials were harvested in this study, since up to 5% of emails/internet traffic are suspicious, the need for robust firewalls, cybersecurity infrastructure, IT policies and, most importantly of all, staff training, is emphasised.ConclusionHospitals receive a significant volume of potentially malicious emails. While many staff appear to be aware of phishing and respond appropriately, ongoing education is required across the spectrum of cybersecurity, with specific emphasis around ‘leakage’ of information on social media.
24
Dixon, Matt, James Nicholson, Dawn Branley-Bell, Pam Briggs, and Lynne Coventry. "Holding Your Hand on the Danger Button." Proceedings of the ACM on Human-Computer Interaction 6, MHCI (September 19, 2022): 1–22. http://dx.doi.org/10.1145/3546730.
Full textAbstract:
Phishing emails continue to be a major cause of cybersecurity breaches despite the development of technical measures designed to thwart these attacks. Most phishing studies have investigated desktop email platforms, but the use of mobile devices for email exchanges has soared in recent years, especially amongst young adults. In this paper, we explore how the digital platform (desktop vs. mobile) influences users' phish detection strategies. Twenty-one young adults (18-25 years) were asked to rate the legitimacy of emails using a live inbox test while using a think-aloud protocol on both platforms. Our results suggest that a lack of knowledge about key defence information on the mobile platform results in weak phish detection. We discuss the implications of these findings and offer design recommendations to support effective phish detection by smartphone users.
25
Kikerpill, Kristjan, and Andra Siibak. "Living in a Spamster's Paradise: Deceit and Threats in Phishing Emails." Masaryk University Journal of Law and Technology 13, no. 1 (June 30, 2019): 45–66. http://dx.doi.org/10.5817/mujlt2019-1-3.
Full textAbstract:
The prevalence of using email as a communication tool for personal and professional purposes makes it a significant attack vector for cybercriminals. Consensus exists that phishing, i.e. use of socially engineered messages to convince recipients into performing actions that benefit the sender, is widespread as a negative phenomenon. However, little is known about its true extent from a criminal law perspective. Similar to how the treatment of phishing in a generic manner does not adequately inform the relevant law, a case-by-case legal analysis of seemingly independent offences would not reveal the true scale and extent of phishing as a social phenomenon. The current research addresses this significant gap in the literature. To study this issue, a qualitative text analysis was performed on (N=42) emails collected over a 30-day period from two email accounts. Secondly, the phishing emails were analysed from an Estonian criminal law perspective. The legal analysis shows that in the period of only one month, the accounts received what amounts to 3 instances of extortion, 29 fraud attempts and 10 cases of personal data processing related misdemeanour offences.
26
Raj S, Jeevan, Raghav K Sejpal, Priya N, and Dr Mir Aadil. "SUSPICIOUS E-MAIL DETECTION USING VARIOUS TECHNIQUES." International Journal of Engineering Applied Sciences and Technology 6, no. 10 (February 1, 2022): 212–16. http://dx.doi.org/10.33564/ijeast.2022.v06i10.028.
Full textAbstract:
In today's world, email spam has become a serious concern, since the number of internet users has grown rapidly. Illegal and unethical practices, such as phishing and fraud, are taking advantage of the diverse classes of users that use different web services. Users that send unsolicited emails with the intention of disrupting or attracting legitimate customers are known as "spammers" by infecting the user system by sending malicious links in a spam email. Spammers prey on those who are unaware of their deceptions by posing as real people in their unsolicited emails and setting up bogus social media profiles and email accounts. These fraudulent spam emails must be identified. The work is an attempt to analyze different machine learning approaches to serve the purpose. This article uses Deep Learning methods for the identification of spam emails with high precision and accuracy.
27
B, Manoj, and Fancy C. "Checksec Email Phishi Trasher Tool." International Journal of Engineering & Technology 7, no. 4.6 (September 25, 2018): 363. http://dx.doi.org/10.14419/ijet.v7i4.6.28442.
Full textAbstract:
In this faster networking world, Phishing has become the most popular practice among the criminals of the web. Various phishing types are deceptive, spear phishing, Email phishing, malware-based phishing, key loggers, session hijacking, man in middle, Trojan, DNS poisoning, cross-site scripting attacks. There is a need for automated tools to solve the problem by the victim side. Existing methods are regularly too tedious to be utilized in reality as far as recognition and relief session. Hence it is decided to propose a model which focuses on detecting and preventing the email phishing attack. In this paper, we present PhishiTrasher, another discovery and relief approach, where we initially propose another system for Deep Packet Inspection afterward use in phishing exercises through email and electronic correspondence. The proposed packet inspection approach comprises parts, vulnerable mark arrangement then continuous DPI. With the help of the phishing assault marks, outline the continuous DPI with the goal that PhishiTrasher can adapt to address the elements of phishing assaults in reality. PhishiTrasher gives better system movement administration to containing phishing assaults since it has the worldwide perspective of a system. Moreover, we assess PhishiTrasher utilizing a true test bed condition and databases comprising of genuine email with installed joins. Our broad test contemplate demonstrates that PhishiTrasher gives a powerful and effective answer for prevent phishing attacks through email. Results demonstrate that profiling should be possible with very high genuine.
28
Zielinska, Olga A., Allaire K. Welk, Christopher B. Mayhorn, and Emerson Murphy-Hill. "A Temporal Analysis of Persuasion Principles in Phishing Emails." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 60, no. 1 (September 2016): 765–69. http://dx.doi.org/10.1177/1541931213601175.
Full textAbstract:
Eight hundred eighty-seven phishing emails from Arizona State University, Brown University, and Cornell University were assessed by two reviewers for Cialdini’s six principles of persuasion: authority, social proof, liking/similarity, commitment/consistency, scarcity, and reciprocation. A correlational analysis of email characteristics by year revealed that the persuasion principles of commitment/consistency and scarcity have increased over time, while the principles of reciprocation and social proof have decreased over time. Authority and liking/similarity revealed mixed results with certain characteristics increasing and others decreasing. Results from this study can inform user training of phishing emails and help cybersecurity software to become more effective.
29
Morovati, Kamran. "Detection of Phishing Emails with Email Forensic Analysis and Machine Learning Techniques." International Journal of Cyber-Security and Digital Forensics 8, no. 2 (2019): 98–107. http://dx.doi.org/10.17781/p002568.
Full text
30
Greitzer, Frank L., Wanru Li, Kathryn B. Laskey, James Lee, and Justin Purl. "Experimental Investigation of Technical and Human Factors Related to Phishing Susceptibility." ACM Transactions on Social Computing 4, no. 2 (June 26, 2021): 1–48. http://dx.doi.org/10.1145/3461672.
Full textAbstract:
This article reports on a simulated phishing experiment targeting 6,938 faculty and staff at George Mason University. The three-week phishing campaign employed three types of phishing exploits and examined demographic, linked workstation/network monitoring audit data, and a variety of behavioral and psychological factors measured via pre- and post-campaign surveys. While earlier research studies have reported disparate effects of gender and age, the present results suggest that these effects are not significant or are of limited strength and that other underlying factors may be more important. Specifically, significant differences in phishing susceptibility were obtained for different email contexts and based on whether individuals have been successfully phished before (these people were more likely to succumb to subsequent phishing emails in our study). Further, participants who responded to phishing exploits scored higher on impulsivity than the non-clickers. Also, participants whose survey responses indicated that they had more appropriate online “security hygiene habits,” such as checking the legitimacy of links, were less likely to be successfully phished in our campaign. Participants whose post-campaign survey responses indicated that they were suspicious of a phishing email message in our campaign were far less likely to click on the phishing link than those who were not suspicious. Similar results were obtained for judgments of pertinence of the email. Participants who indicated that they thought about the negative consequences of clicking the link were less likely to do so than participants who did not think about the negative consequences. Implications for effective training and awareness are discussed.
31
Dadvandipour, Samad, and Aadil Gani Ganie. "Analyzing and predicting spear-phishing using machine learning methods." Multidiszciplináris tudományok 10, no. 4 (2020): 262–73. http://dx.doi.org/10.35925/j.multi.2020.4.30.
Full textAbstract:
Phishing implies misdirecting the client by masking himself/herself as a reliable individual, to take the Critical material, for example, bank account number, credit card numbers, and so on; one of the noticeably utilized Phishing these days is spear phishing, and it is one of the effective phishing assaults given its social, mental boundaries. In this paper, we will mitigate the impact of spear phishing by utilizing the multi-layer approach. The multi-layer approach is the best method of managing the web interruption, as the intruder needs to experience shift levels. Practically all the scientists are dealing with the content of the email; however, this paper picks a novel method to counter the phishing messages by utilizing both the attachment and content of an email. We applied sentimental analysis on emails, including both content of the email and the attachment, to check whether they are spam or not using SVM classifier and Randomforest Classifier; the former showed 96 percent accuracy while, as later offers 97.66 percent accuracy. SVM showed false-positive 0 percent and false-negative 4 percent, while RandomForest showed 0 percent false-positive and 2.33 percent false-negative ratios. We also performed topic modeling using LDA(Latent Dirichlet Allocation)) from Gensim package to get the dominant topics in our dataset. We visualized the results of our topic model using pyLDvis. The perplexity and coherence score of our topic model is -12.897670565510511 and 0.44700287476452394, respectively.
32
Islam, Muhammad Nazrul, Tarannum Zaki, Md Sami Uddin, and Md Mahedi Hasan. "Security Threats for Big Data." International Journal of Information Communication Technologies and Human Development 10, no. 4 (October 2018): 1–18. http://dx.doi.org/10.4018/ijicthd.2018100101.
Full textAbstract:
With the advancement of modern science and technology, data emerging from different fields are escalating gradually. Recently, with this huge amount of data, Big Data has become a source of immense opportunities for large scale organizations related to various business sectors as well as to information technology (IT) professionals. Hence, one of the biggest challenges of this context is the security of this big set of data in different ICT based organizations. The fundamental objective of this article is to explore how big data may create security challenges in email communication. As an outcome, this article first shows that big data analysis helps to understand the behavior or interest of email users, which in turn can help phishers to create the phishing sites or emails that result in IT security threat; second, the article finds that phishing e-mail generation based on the (email) users' behavior can break an organization's IT security; and finally, a framework was proposed that would help to enhance the security of email communication.
33
Mohammed, Mazin Abed, Dheyaa Ahmed Ibrahim, and Akbal Omran Salman. "Adaptive intelligent learning approach based on visual anti-spam email model for multi-natural language." Journal of Intelligent Systems 30, no. 1 (January 1, 2021): 774–92. http://dx.doi.org/10.1515/jisys-2021-0045.
Full textAbstract:
Abstract Spam electronic mails (emails) refer to harmful and unwanted commercial emails sent to corporate bodies or individuals to cause harm. Even though such mails are often used for advertising services and products, they sometimes contain links to malware or phishing hosting websites through which private information can be stolen. This study shows how the adaptive intelligent learning approach, based on the visual anti-spam model for multi-natural language, can be used to detect abnormal situations effectively. The application of this approach is for spam filtering. With adaptive intelligent learning, high performance is achieved alongside a low false detection rate. There are three main phases through which the approach functions intelligently to ascertain if an email is legitimate based on the knowledge that has been gathered previously during the course of training. The proposed approach includes two models to identify the phishing emails. The first model has proposed to identify the type of the language. New trainable model based on Naive Bayes classifier has also been proposed. The proposed model is trained on three types of languages (Arabic, English and Chinese) and the trained model has used to identify the language type and use the label for the next model. The second model has been built by using two classes (phishing and normal email for each language) as a training data. The second trained model (Naive Bayes classifier) has been applied to identify the phishing emails as a final decision for the proposed approach. The proposed strategy is implemented using the Java environments and JADE agent platform. The testing of the performance of the AIA learning model involved the use of a dataset that is made up of 2,000 emails, and the results proved the efficiency of the model in accurately detecting and filtering a wide range of spam emails. The results of our study suggest that the Naive Bayes classifier performed ideally when tested on a database that has the biggest estimate (having a general accuracy of 98.4%, false positive rate of 0.08%, and false negative rate of 2.90%). This indicates that our Naive Bayes classifier algorithm will work viably on the off chance, connected to a real-world database, which is more common but not the largest.
34
Revathi, G., K. Nageswara Rao, and G. Sita Ratnam. "Email Spam Detection using Naïve Bayes Algorithm." International Journal for Research in Applied Science and Engineering Technology 10, no. 9 (September 30, 2022): 653–55. http://dx.doi.org/10.22214/ijraset.2022.46654.
Full textAbstract:
Abstract: Email Spam has become a vital issue currently, with high-speed growth of internet users. Some people are using them for illegal conducts, phishing and fraud. Sending malicious link through spam emails which can harm our system and may also they will seek into our system. The need of email spam detection is to prevent spam messages from lagging into user’s inbox so it’ll improve user experience. This project will identify those spam emails by using machine learning approach. Machine learning is one amongst the applications of Artificial Intelligence that allow systems to read and improve from experience without being specific programmed. This paper will discuss the machine learning algorithm which is Naïve Bayes. It is a probabilistic classifier, which means it predicts on the idea of the probability of an object and it is selected for the email spam detection having best precision and accuracy.
35
Singh, Kuldeep, Palvi Aggarwal, Prashanth Rajivan, and Cleotilde Gonzalez. "Training to Detect Phishing Emails: Effects of the Frequency of Experienced Phishing Emails." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 63, no. 1 (November 2019): 453–57. http://dx.doi.org/10.1177/1071181319631355.
Full textAbstract:
We studied people’s success on the detection of phishing emails after they were trained under one of three phishing frequency conditions, where the proportion of the phishing emails during training varied as: low frequency (25% phishing emails), medium frequency (50% phishing emails) and high frequency (75% phishing emails). Individual base susceptibility to phishing emails was measured in a pre-training phase in which 20% of the emails were phishing; this performance was then compared to a post-training phase in which participants aimed at detecting new rare phishing emails (20% were phishing emails). The Hit rates, False Alarm rates, sensitivities and response criterion were analyzed. Results revealed that participants receiving higher frequency of phishing emails had a higher hit rate but also higher false alarm rate at detecting phishing emails at post-training compared to participants encountering lower frequency levels during training. These results have implications for designing new training protocols for improving detection of phishing emails.
36
Wang, Jingguo, Yuan Li, and H. Raghav Rao. "Overconfidence in Phishing Email Detection." Journal of the Association for Information Systems 17, no. 11 (November 2016): 759–83. http://dx.doi.org/10.17705/1jais.00442.
Full text
37
Rizzoni, Fabio, Sabina Magalini, Alessandra Casaroli, Pasquale Mari, Matt Dixon, and Lynne Coventry. "Phishing simulation exercise in a large hospital: A case study." DIGITAL HEALTH 8 (January 2022): 205520762210817. http://dx.doi.org/10.1177/20552076221081716.
Full textAbstract:
Background Phishing is a major threat to the data and infrastructure of healthcare organizations and many cyberattacks utilize this socially engineered pathway. Phishing simulation is used to identify weaknesses and risks in the human defences of organizations. There are many factors influencing the difficulty of detecting a phishing email including fatigue and the nature of the deceptive message. Method A major Italian Hospital with over 6000 healthcare staff performed a phishing simulation as part of its annual training and risk assessment. Three campaigns were launched at approx. 4-month intervals, to compare staff reaction to a general phishing email and a customized one. Results The results show that customization of phishing emails makes them much more likely to be acted on. In the first campaign, 64% of staff did not open the general phish, significantly more than the 38% that did not open the custom phish. A significant difference was also found for the click rate, with significantly more staff clicking on the custom phish. However, the campaigns could not be run as intended, due to issues raised within the organization. Conclusions Phishing simulation is useful but not without its limitations. It requires contextual knowledge, skill and experience to ensure that it is effective. The exercise raised many issues within the Hospital. Successful, ethical phishing simulations require coordination across the organization, precise timing and lack of staff awareness. This can be complex to coordinate. Misleading messages containing false threats or promises can cause a backlash from staff and unions. The effectiveness of the message is dependent on the personalization of the message to current, local events. The lessons learned can be useful for other hospitals.
38
Lötter, André, and Lynn Futcher. "A framework to assist email users in the identification of phishing attacks." Information & Computer Security 23, no. 4 (October 12, 2015): 370–81. http://dx.doi.org/10.1108/ics-10-2014-0070.
Full textAbstract:
Purpose – The purpose of this paper is to propose a framework to address the problem that email users are not well-informed or assisted by their email clients in identifying possible phishing attacks, thereby putting their personal information at risk. This paper therefore addresses the human weakness (i.e. the user’s lack of knowledge of phishing attacks which causes them to fall victim to such attacks) as well as the software related issue of email clients not visually assisting and guiding the users through the user interface. Design/methodology/approach – A literature study was conducted in the main field of information security with a specific focus on understanding phishing attacks and a modelling technique was used to represent the proposed framework. This paper argues that the framework can be suitably implemented for email clients to raise awareness about phishing attacks. To validate the framework as a plausible mechanism, it was reviewed by a focus group within the School of Information and Communication Technology (ICT) at the Nelson Mandela Metropolitan University (NMMU). The focus group consisted of academics and research students in the field of information security. Findings – This paper argues that email clients should make use of feedback mechanisms to present security related aspects to their users, so as to make them aware of the characteristics pertaining to phishing attacks. To support this argument, it presents a framework to assist email users in the identification of phishing attacks. Research limitations/implications – Future research would yield interesting results if the proposed framework were implemented into an existing email client to determine the effect of the framework on the user’s level of awareness of phishing attacks. Furthermore, the list of characteristics could be expanded to include all phishing types (such as clone phishing, smishing, vishing and pharming). This would make the framework more dynamic in that it could then address all forms of phishing attacks. Practical implications – The proposed framework could enable email clients to provide assistance through the user interface. Visibly relaying the security level to the users of the email client, and providing short descriptions as to why a certain email is considered suspicious, could result in raising the awareness of the average email user with regard to phishing attacks. Originality/value – This research presents a framework that email clients can use to identify common forms of normal and spear phishing attacks. The proposed framework addresses the problem that the average Internet user lacks a baseline level of online security awareness. It argues that the email client is the ideal place to raise the awareness of users regarding phishing attacks.
39
Molinaro, Kylie A., and Matthew L. Bolton. "Using the Lens Model and Cognitive Continuum Theory to Understand the Effects of Cognition on Phishing Victimization." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 63, no. 1 (November 2019): 173–77. http://dx.doi.org/10.1177/1071181319631044.
Full textAbstract:
With the growing threat of phishing emails and the limited effectiveness of current mitigation approaches, there is an urgent need to better understand what leads to phishing victimization. There is a limited body of phishing research that identified cognitive automaticity as a potential factor, but more research on the relationship between user cognition and victimization is needed. Additionally, the current phishing research has not considered the characteristics of the environment in which phishing judgments are made. To fill these gaps, this work used the analysis capabilities afforded by the double system lens model (a judgment analysis technique) and the cognitive continuum theory, specifically the task continuum index and the cognitive continuum index. By calculating a task continuum index score, the cognition best suited for the email sorting task was identified. This calculation resulted in a value which indicated that more analytical cognition was most effective. The cognitive continuum index score evaluated the participants’s cognition level while making judgments. The relationships between these measures and achievement were evaluated. Results indicated that more analytical cognition was associated with lower rates of phishing victimization. This work provides a deeper insight into the phishing problem and has implications for combating phishing.
40
Sarno, Dawn M., Joanna E. Lewis, Corey J. Bohil, and Mark B. Neider. "Which Phish Is on the Hook? Phishing Vulnerability for Older Versus Younger Adults." Human Factors: The Journal of the Human Factors and Ergonomics Society 62, no. 5 (June 25, 2019): 704–17. http://dx.doi.org/10.1177/0018720819855570.
Full textAbstract:
ObjectiveTo determine if there are age-related differences in phishing vulnerability and if those differences exist under various task conditions (e.g., framing and time pressure).BackgroundPrevious research suggests that older adults may be a vulnerable population to phishing attacks. Most research exploring age differences has used limiting designs, including retrospective self-report measures and restricted email sets.MethodThe present studies explored how older and younger adults classify a diverse sample of 100 legitimate and phishing emails. In Experiment 1, participants rated the emails as either spam or not spam. Experiment 2 explored how framing would alter the results when participants rated emails as safe or not safe. In Experiment 3, participants performed the same task as Experiment 1, but were put under time pressure.ResultsNo age differences were observed in overall classification accuracy across the three experiments, rather all participants exhibited poor performance (20%–30% errors). Older adults took significantly longer to make classifications and were more liberal in classifying emails as spam or not safe. Time pressure seemed to remove this bias but did not influence overall accuracy.ConclusionOlder adults appear to be more cautious when classifying emails. However, being extra careful may come at the cost of classification speed and does not seem to improve accuracy.ApplicationAge demographics should be considered in the implementation of a cyber-training methodology. Younger adults may be less vigilant against cyber threats than initially predicted; older adults might be less prone to deception when given unlimited time to respond.
41
Harrison, Brynne, Elena Svetieva, and Arun Vishwanath. "Individual processing of phishing emails." Online Information Review 40, no. 2 (April 11, 2016): 265–81. http://dx.doi.org/10.1108/oir-04-2015-0106.
Full textAbstract:
Purpose – The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users’ knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails. Design/methodology/approach – A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message and measures of user traits and user processing were obtained after the phishing attack. Findings – Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack. Research limitations/implications – The findings are generalizable to students who are a particularly vulnerable target of phishing attacks. Practical implications – The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly the authors suggest more effective educational efforts to protect individuals from such online fraud. Originality/value – This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception as well the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.
42
Fatima, Rubia, Affan Yasin, Lin Liu, and Jianmin Wang. "How persuasive is a phishing email? A phishing game for phishing awareness." Journal of Computer Security 27, no. 6 (October 11, 2019): 581–612. http://dx.doi.org/10.3233/jcs-181253.
Full text
43
Bergholz, André, Jan De Beer, Sebastian Glahn, Marie-Francine Moens, Gerhard Paaß, and Siehyun Strobel. "New filtering approaches for phishing email." Journal of Computer Security 18, no. 1 (January 1, 2010): 7–35. http://dx.doi.org/10.3233/jcs-2010-0371.
Full text
44
Rohini, P., and K. Ramya. "Phishing Email Filtering Techniques A Survey." International Journal of Computer Trends and Technology 17, no. 1 (November 25, 2014): 18–21. http://dx.doi.org/10.14445/22312803/ijctt-v17p105.
Full text
45
Adewumi, Oluyinka Aderemi, and Ayobami Andronicus Akinyelu. "A hybrid firefly and support vector machine classifier for phishing email detection." Kybernetes 45, no. 6 (June 6, 2016): 977–94. http://dx.doi.org/10.1108/k-07-2014-0129.
Full textAbstract:
Purpose – Phishing is one of the major challenges faced by the world of e-commerce today. Thanks to phishing attacks, billions of dollars has been lost by many companies and individuals. The global impact of phishing attacks will continue to be on the increase and thus a more efficient phishing detection technique is required. The purpose of this paper is to investigate and report the use of a nature inspired based-machine learning (ML) approach in classification of phishing e-mails. Design/methodology/approach – ML-based techniques have been shown to be efficient in detecting phishing attacks. In this paper, firefly algorithm (FFA) was integrated with support vector machine (SVM) with the primary aim of developing an improved phishing e-mail classifier (known as FFA_SVM), capable of accurately detecting new phishing patterns as they occur. From a data set consisting of 4,000 phishing and ham e-mails, a set of features, suitable for phishing e-mail detection, was extracted and used to construct the hybrid classifier. Findings – The FFA_SVM was applied to a data set consisting of up to 4,000 phishing and ham e-mails. Simulation experiments were performed to evaluate and compared the performance of the classifier. The tests yielded a classification accuracy of 99.94 percent, false positive rate of 0.06 percent and false negative rate of 0.04 percent. Originality/value – The hybrid algorithm has not been earlier apply, as in this work, to the classification and detection of phishing e-mail, to the best of the authors’ knowledge.
46
Broadhurst, Roderic, Katie Skinner, Nicholas Sifniotis, Bryan Matamoros-Macias, and Yuguang Ipsen. "Phishing and Cybercrime Risks in a University Student Community." International Journal of Cybersecurity Intelligence and Cybercrime 2, no. 1 (February 1, 2019): 4–23. http://dx.doi.org/10.52306/02010219rzex445.
Full textAbstract:
In an exploratory quasi-experimental observational study, 138 participants recruited during a university orientation week were exposed to social engineering directives in the form of fake email or phishing attacks over several months in 2017. These email attacks attempted to elicit personal information from participants or entice them into clicking links which may have been compromised in a real-world setting. The study aimed to determine the risks of cybercrime for students by observing their responses to social engineering and exploring attitudes to cybercrime risks before and after the phishing phase. Three types of scam emails were distributed that varied in the degree of individualization: generic, tailored, and targeted or ‘spear.’ To differentiate participants on the basis of cybercrime awareness, participants in a ‘Hunter’ condition were primed throughout the study to remain vigilant to all scams, while participants in a ‘Passive’ condition received no such instruction. The study explored the influence of scam type, cybercrime awareness, gender, IT competence, and perceived Internet safety on susceptibility to email scams. Contrary to the hypotheses, none of these factors were associated with scam susceptibility. Although, tailored and individually crafted email scams were more likely to induce engagement than generic scams. Analysis of all the variables showed that international students and first year students were deceived by significantly more scams than domestic students and later year students. A Generalized Linear Model (GLM) analysis was undertaken to further explore the role of all the variables of interest and the results were consistent with the descriptive findings showing that student status (domestic compared to international) and year of study (first year student compared to students in second, third and later years of study) had a higher association to the risk of scam deception. Implications and future research directions are discussed.
47
Weaver, Bradley W., Adam M. Braly, and David M. Lane. "Training Users to Identify Phishing Emails." Journal of Educational Computing Research 59, no. 6 (February 11, 2021): 1169–83. http://dx.doi.org/10.1177/0735633121992516.
Full textAbstract:
Phishing emails pose a serious threat to individuals and organizations. Users’ ability to identify phishing emails is critical to avoid becoming victims of these attacks. The current study examined the effectiveness of a short online phishing training program designed to help users identify phishing emails. Half of the participants were in the training group and the other half worked on a control filler task. The training group’s sensitivity ( d′) at correctly classifying emails as legitimate or phishing increased by 1.14 whereas the control group’s sensitivity increased by only 0.48. This difference in d' changes was significant, t(38) = 2.05, p = .048. This improvement in performance was likely due to users learning how to check reliable cues and interpret them. Despite a sizeable improvement in detecting phishing emails, the training group correctly classified only about two-thirds of phishing emails. Accordingly, a short training program appears beneficial, but a more comprehensive training program would be needed to reduce vulnerability to an acceptable level.
48
Mishler, Scott, Cody Jeffcoat, and Jing Chen. "Effects of Anthropomorphic Phishing Detection Aids, Transparency Information, and Feedback on User Trust, Performance, and Aid Retention." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 63, no. 1 (November 2019): 183. http://dx.doi.org/10.1177/1071181319631351.
Full textAbstract:
Phishing email attacks are a prevalent threat to internet users. Users often ignore or otherwise disregard automated aids, even when the aids’ reliability is high. The current study sought to fill a gap in the literature by examining the effects of anthropomorphism, feedback, and transparency information on user trust and performance within the domain of phishing email detection. Based upon previous studies in anthropomorphic automated systems, this study incorporated three levels of anthropomorphism (AI, human, text), two levels of aid gender (male, female), transparency information (present, absent), and feedback (present, absent). The 465 participants were recruited online through Amazon Mechanical Turk (MTurk) and performed the study on Qualtrics. Phishing was explained and instructions told the participants to judge whether the following emails are legitimate or phishing in three separate blocks of five emails. The first block was without any automated aid as a baseline of participants’ performance. The second block showed participants their respective aid and had them complete five more emails with the aid. The final block allowed participants to choose if they wanted to keep the aid or classify the emails alone. Afterwards, participants were asked how much they trusted the aid to help detect phishing threats using a trust in automation scale based on Jian, Bisantz, and Drury's (2000) study. Our results revealed improved performance on the phishing detection task for participants with an aid over participants without an aid. In addition, feedback was shown to be helpful for improving judgement accuracy as well as increase trust. Transparency also improved judgement accuracy for the human aid but was less helpful for the AI aid. This study compliments past research indicating improvements in performance with automated aids (Chen et al., 2018; Röttger, Bali, & Manzey, 2009; Wiegmann, Rich, & Zhang, 2001). Performance in blocks 2 and 3 was better than block 1. A significant positive correlation between trust and performance reinforces that high trust in a highly reliable aid begets good performance. Subsequently, if participants did not retain the aid for block 3, their performance was worse than those who retained the aid. Designers of automated aid systems should prioritize users interacting with and using the aid so that performance stays high. Feedback also helped improve judgement accuracy. By allowing participants to understand the reliability of the aid, they could learn to trust it more and rely on the suggestions of the aid. Feedback information should be offered to users if possible because it helps improve trust and performance, which is the goal of any automated aid system. Human aids with transparency information helped improve performance compared to human aids without transparency information. But this effect was not found for AI aids and nearly reversed. Transparency was expected to improve trust and performance (Hoff & Bashir, 2015), but it showed no differences in trust and only improved performance for human aids. This new finding demonstrates that there could be differences in the perception of human and AI aids, although further experiments would need to be conducted to further examine these findings.
49
Burita, Ladislav, Petr Matoulek, Kamil Halouzka, and Pavel Kozak. "Analysis of phishing emails." AIMS Electronics and Electrical Engineering 5, no. 1 (2021): 93–116. http://dx.doi.org/10.3934/electreng.2021006.
Full text
50
Atlam, Hany F., and Olayonu Oluwatimilehin. "Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review." Electronics 12, no. 1 (December 22, 2022): 42. http://dx.doi.org/10.3390/electronics12010042.
Full textAbstract:
The risk of cyberattacks against businesses has risen considerably, with Business Email Compromise (BEC) schemes taking the lead as one of the most common phishing attack methods. The daily evolution of this assault mechanism’s attack methods has shown a very high level of proficiency against organisations. Since the majority of BEC emails lack a payloader, they have become challenging for organisations to identify or detect using typical spam filtering and static feature extraction techniques. Hence, an efficient and effective BEC phishing detection approach is required to provide an effective solution to various organisations to protect against such attacks. This paper provides a systematic review and examination of the state of the art of BEC phishing detection techniques to provide a detailed understanding of the topic to allow researchers to identify the main principles of BEC phishing detection, the common Machine Learning (ML) algorithms used, the features used to detect BEC phishing, and the common datasets used. Based on the selected search strategy, 38 articles (of 950 articles) were chosen for closer examination. Out of these articles, the contributions of the selected articles were discussed and summarised to highlight their contributions as well as their limitations. In addition, the features of BEC phishing used for detection were provided, as well as the ML algorithms and datasets that were used in BEC phishing detection models were discussed. In the end, open issues and future research directions of BEC phishing detection based on ML were discussed.