Detecting Deceptive Patterns in Phishing Emails · PDF file 2014. 7. 31. ·...
Embed Size (px)
Transcript of Detecting Deceptive Patterns in Phishing Emails · PDF file 2014. 7. 31. ·...
Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez
Advisers: Lauren M. Stuart, Drs. Julia M. Taylor and Victor Raskin Problem Statement
Identify cues for/patterns of deception within phishing emails to help users detect deceptive requests
This material is based upon work supported by the National Science Foundation under grant #1062970. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
Motivation • Email users become more
aware of phishing emails • Prevents private data from
being accessed by unauthorized users
• Saves individuals and corporations a lot of money
During the 1st quarter of 2014 the Anti-Phishing Work Group reported an increase of 6,941 unique phishing email reports from January to March.
What Has Been Done?
Named Entity Recognition
Normalization of Words to Lower Case
Stop Word Removal
Age of Linked-to Domain
Number of Links
Number of Dots
January February March Number of unique phishing websites detected
42,828 38,175 44,212
Number of unique phishing e- mail (campaigns) received by APWG from consumers
53,984 56,883 60,925
Number of brands targeted by phishing campaigns
384 355 362
Country hosting the most phishing websites
USA USA USA
PhishNet-NLP PLIFER Tools
Assurance “We have the best security systems”
Unable to Process
Information “Error in your
False Information “We have your
credit card info.”
No Reason Given
Repetition of Statements
Irregularities in Account
“1 or more attempts to login”
Dear valued PayPalï ¿ 1\/2 member : PayPalï ¿ 1\/2 is committed to maintaining a safe environment for its community of buyers and sellers . To protect the security of your account , PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity . Recently , our Account Review Team identified some unusual activity in your account . In accordance with PayPal 's User Agreement and to ensure that your account has not been compromised , access to your account was limited . Your account access will remain limited until this issue has been resolved . This is a fraud prevention measure meant to ensure that your account is not compromised . In order to secure your account and quickly restore full access , we may require some specific information from you for the following reason : We would like to ensure that your account was not accessed by an unauthorized third party . Because protecting the security of your account is our primary concern , we have limited access to sensitive PayPal account features .
Anti Phishing 1st Quarter Report for 2014
Part of Sample of a Phishing Email
Slide Number 1