Detecting Deceptive Patterns in Phishing Emails · PDF file 2014. 7. 31. ·...

Click here to load reader

  • date post

    05-Feb-2021
  • Category

    Documents

  • view

    0
  • download

    0

Embed Size (px)

Transcript of Detecting Deceptive Patterns in Phishing Emails · PDF file 2014. 7. 31. ·...

  • Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez

    Advisers: Lauren M. Stuart, Drs. Julia M. Taylor and Victor Raskin Problem Statement

    Identify cues for/patterns of deception within phishing emails to help users detect deceptive requests

    This material is based upon work supported by the National Science Foundation under grant #1062970. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

    Threatening

    Account Irregularities

    Assurance

    Spelling Errors

    Phishing

    Valid

    Motivation • Email users become more

    aware of phishing emails • Prevents private data from

    being accessed by unauthorized users

    • Saves individuals and corporations a lot of money

    During the 1st quarter of 2014 the Anti-Phishing Work Group reported an increase of 6,941 unique phishing email reports from January to March.

    What Has Been Done?

    Lexical Analysis

    Part-of-Speech Tagging

    Named Entity Recognition

    Normalization of Words to Lower Case

    Stemming

    Stop Word Removal

    TF-IDF

    Header Analysis

    Text Analysis

    IP-Based URLs

    Age of Linked-to Domain

    HTML Email

    Number of Links

    Number of Dots

    Redirecting Site

    January February March Number of unique phishing websites detected

    42,828 38,175 44,212

    Number of unique phishing e- mail (campaigns) received by APWG from consumers

    53,984 56,883 60,925

    Number of brands targeted by phishing campaigns

    384 355 362

    Country hosting the most phishing websites

    USA USA USA

    PhishNet-NLP PLIFER Tools

    Start

    Assurance “We have the best security systems”

    Unable to Process

    Information “Error in your

    billing information”

    False Information “We have your

    credit card info.”

    No Reason Given

    Threatening “Account

    Suspension”

    Assurance End

    Repetition of Statements

    Irregularities in Account

    “1 or more attempts to login”

    Dear valued PayPalï ¿ 1\/2 member : PayPalï ¿ 1\/2 is committed to maintaining a safe environment for its community of buyers and sellers . To protect the security of your account , PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity . Recently , our Account Review Team identified some unusual activity in your account . In accordance with PayPal 's User Agreement and to ensure that your account has not been compromised , access to your account was limited . Your account access will remain limited until this issue has been resolved . This is a fraud prevention measure meant to ensure that your account is not compromised . In order to secure your account and quickly restore full access , we may require some specific information from you for the following reason : We would like to ensure that your account was not accessed by an unauthorized third party . Because protecting the security of your account is our primary concern , we have limited access to sensitive PayPal account features .

    Pattern Organization

    Anti Phishing 1st Quarter Report for 2014

    Part of Sample of a Phishing Email

    Slide Number 1