Detecting Deceptive Patterns in Phishing Emails - · PDF fileDetecting Deceptive Patterns in...

Click here to load reader

  • date post

  • Category


  • view

  • download


Embed Size (px)

Transcript of Detecting Deceptive Patterns in Phishing Emails - · PDF fileDetecting Deceptive Patterns in...

  • Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez

    Advisers: Lauren M. Stuart, Drs. Julia M. Taylor and Victor Raskin Problem Statement

    Identify cues for/patterns of deception within phishing emails to help users detect deceptive requests

    This material is based upon work supported by the National Science Foundation under grant #1062970. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.


    Account Irregularities


    Spelling Errors



    Motivation Email users become more

    aware of phishing emails Prevents private data from

    being accessed by unauthorized users

    Saves individuals and corporations a lot of money

    During the 1st quarter of 2014 the Anti-Phishing Work Group reported an increase of 6,941 unique phishing email reports from January to March.

    What Has Been Done?

    Lexical Analysis

    Part-of-Speech Tagging

    Named Entity Recognition

    Normalization of Words to Lower Case


    Stop Word Removal


    Header Analysis

    Text Analysis

    IP-Based URLs

    Age of Linked-to Domain

    HTML Email

    Number of Links

    Number of Dots

    Redirecting Site

    January February March Number of unique phishing websites detected

    42,828 38,175 44,212

    Number of unique phishing e-mail (campaigns) received by APWG from consumers

    53,984 56,883 60,925

    Number of brands targeted by phishing campaigns

    384 355 362

    Country hosting the most phishing websites


    PhishNet-NLP PLIFER Tools


    Assurance We have the best security systems

    Unable to Process

    Information Error in your

    billing information

    False Information We have your

    credit card info.

    No Reason Given

    Threatening Account


    Assurance End

    Repetition of Statements

    Irregularities in Account

    1 or more attempts to login

    Dear valued PayPal 1\/2 member : PayPal 1\/2 is committed to maintaining a safe environment for its community of buyers and sellers . To protect the security of your account , PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity . Recently , our Account Review Team identified some unusual activity in your account . In accordance with PayPal 's User Agreement and to ensure that your account has not been compromised , access to your account was limited . Your account access will remain limited until this issue has been resolved . This is a fraud prevention measure meant to ensure that your account is not compromised . In order to secure your account and quickly restore full access , we may require some specific information from you for the following reason : We would like to ensure that your account was not accessed by an unauthorized third party . Because protecting the security of your account is our primary concern , we have limited access to sensitive PayPal account features .

    Pattern Organization

    Anti Phishing 1st Quarter Report for 2014

    Part of Sample of a Phishing Email

    Slide Number 1