Who is more susceptible to phishing emails? : a Saudi Arabian study

Phishing emails cause enormous losses to both users and organisations. The goal of this study is to determine which individuals are more vulnerable to phishing emails. To gain this information an experiment has been developed which involves sending phishing email to users and collecting information about users. The detection deception model has been applied to identify users’ detection behaviour. We find that users who have less email experience and high levels of submissiveness have increased susceptibility. Among those, users who have high susceptibility levels and high openness and extraversion are more likely to carry on the harmful action embedded in phishing emails.

The impact of users' characteristics on their ability to detect phishing emails

We investigate how email users' characteristics influence their response to phishing emails. A user generally goes through three stages of behaviour upon receiving a phishing email: suspicion of the legitimacy of the email, confirmation of its legitimacy and response by either performing the action requested in the phishing email or not. Using a mixed method approach combining experiments, surveys and semi-structured interviews, we found that a user's behaviour at each stage varies with their personal characteristics such as personality traits and ability to perceive information in an email beyond its content. We found, for example, that users who are submissive, extraverted or open tend to be less suspicious of phishing emails while users who can identify cues such as inconsistent IP address, can avoid falling victim to phishing emails. Our findings enable us to draw practical implications for educating and potentially reducing the incidence of phishing emails victimisation.

Typology of phishing email victims based on their behavioural response

A victim of phishing emails could be subjected to money loss and identity theft. This paper investigates the different types of phishing email victims, with the goal of increasing such victims' defences. To obtain this kind of information, an experiment which involves sending a phishing email to participants is conducted. Quantitative and qualitative methods are also used to collect users' information. A model for detecting deception has been employed to understand victims' behaviour. This paper reports the qualitative results. The findings suggest that victims of phishing emails do not always exhibit the same vulnerability. The cause of being a victim is a result of three weaknesses in the detection process: (1) lack of knowledge; (2) weak confirmation channel, and; (3) victims' high propensity towards risk-taking. Therefore, it is suggested that users be provided with suitable confirmation channels and be more risk averse in their behaviour so that they would not fall victim to phishing emails.

Socio-technological phishing prevention

Phishing is deceptive collection of personal information leading to embezzlement, identity theft, and so on. Preventive and combative measures have been taken by banking institutions, software vendors, and network authorities to fight phishing. At the forefront of this resilience are consortiums such as APWG (Anti-Phishing Working Group) and PhishTank, the latter being a collaborative platform where everyone can submit potentially phishing web-pages and classify web-pages as either phish or genuine. PhishTank also has an API that the browsers use to notify users when she tries to load a phishing page. There are some organizations and individuals who are very active and highly accurate in classifying web-pages on PhishTank. In this paper, we propose a defense model that uses these experts to fight phishing.

Winning the phishing war : a strategy for Australia

Phishing, a form of on-line identity theft, is a major problem worldwide, accounting for more than $7.5 Billion in losses in the US alone between 2005 and 2008. Australia was the first country to be targeted by Internet bank phishing in 2003 and continues to have a significant problem in this area. The major cyber crime groups responsible for phishing are based in Eastern Europe. They operate with a large degree of freedom due to the inherent difficulties in cross border law enforcement and the current situation in Eastern Europe, particularly in Russia and the Ukraine. They employ highly sophisticated and efficient technical tools to compromise victims and subvert bank authentication systems. However because it is difficult for them to repatriate the fraudulently obtained funds directly they employ Internet money mules in Australia to transfer the money via Western Union or Money gram. It is proposed a strategy, which firstly places more focus by Australian law enforcement upon transactions via Western Union and Money gram to detect this money laundering, would significantly impact the success of the Phishing attack model. This combined with a technical monitoring of Trojan technology and education of potential Internet money mules to avoid being duped would provide a winning strategy for the war on phishing for Australia.

Reflections of professional practice: using electronic discourse analysis networks (EDANs) to examine embedded business emails

Emails have become a central genre in business communication, reflecting both how people communicate and how they go about their professional practices. This chapter examines embedded business emails as reflections of the professional practices of the regulatory and policy department of a multinational based in London, UK. It argues that the nature of online communication in international organisations, with its high levels of intertextuality and interdiscursivity, requires multidimensional analytical approaches that are capable of capturing its complexity and dynamics. To this end, the chapter introduces electronic discourse analysis networks (EDANs) as one example of such approaches. It begins with a brief review of the literature that has informed the study reported on here before it discusses EDANs as its analytical framework. Using a group of embedded emails and a number of networked data sets, the chapter shows how EDANs can be used to further our understanding of professional online communication.

Sending and receiving emails

For students - to improve email management

Using the Euclidean Distance as a Mechanism Distance between Signatures to the Detect Spam and Phishing Scams

Spams and Phishing Scams are some of the abuse forms on the Internet that have grown up now. These abuses influence in user's routine of electronic mail and in the infrastructure of Internet communication. So, this paper proposes a new model messages filter based in Euclidian distance, beyond show the containment's methodologies currently more used. A new model messages filter, based in frequency's distribution of character present in your content and in signature generation is described. An architecture to combat Phishing Scam and spam is proposed in order to contribute to the containment of attempted fraud by mail.

Cryptolocker, trick or threat: phishing e malware alla ricerca dell'anello debole

Il Cryptolocker è un malware diffuso su scala globale appartenente alla categoria ransomware. La mia analisi consiste nel ripercorrere le origini dei software maligni alla ricerca di rappresentanti del genere con caratteristiche simili al virus che senza tregua persevera a partire dal 2013: il Cryptolocker. Per imparare di più sul comportamento di questa minaccia vengono esposte delle analisi del malware, quella statica e quella dinamica, eseguite sul Cryptolocker (2013), CryptoWall (2014) e TeslaCrypt (2015). In breve viene descritta la parte operativa per la concezione e la configurazione di un laboratorio virtuale per la successiva raccolta di tracce lasciate dal malware sul sistema e in rete. In seguito all’analisi pratica e alla concentrazione sui punti deboli di queste minacce, oltre che sugli aspetti tecnici alla base del funzionamento dei crypto, vengono presi in considerazione gli aspetti sociali e psicologici che caratterizzano un complesso background da cui il virus prolifica. Vengono confrontate fonti autorevoli e testimonianze per chiarire i dubbi rimasti dopo i test. Saranno questi ultimi a confermare la veridicità dei dati emersi dai miei esperimenti, ma anche a formare un quadro più completo sottolineando quanto la morfologia del malware sia in simbiosi con la tipologia di utente che va a colpire. Capito il funzionamento generale del crypto sono proprio le sue funzionalità e le sue particolarità a permettermi di stilare, anche con l’aiuto di fonti esterne al mio operato, una lista esauriente di mezzi e comportamenti difensivi per contrastarlo ed attenuare il rischio d’infezione. Vengono citati anche le possibili procedure di recupero per i dati compromessi, per i casi “fortunati”, in quanto il recupero non è sempre materialmente possibile. La mia relazione si conclude con una considerazione da parte mia inaspettata: il potenziale dei crypto, in tutte le loro forme, risiede per la maggior parte nel social engineering, senza il quale (se non per certe categorie del ransomware) l’infezione avrebbe percentuali di fallimento decisamente più elevate.

A corpus-based investigation of junk emails

Almost everyone who has an email account receives from time to time unwanted emails. These emails can be jokes from friends or commercial product offers from unknown people. In this paper we focus on these unwanted messages which try to promote a product or service, or to offer some “hot” business opportunities. These messages are called junk emails. Several methods to filter junk emails were proposed, but none considers the linguistic characteristics of junk emails. In this paper, we investigate the linguistic features of a corpus of junk emails, and try to decide if they constitute a distinct genre. Our corpus of junk emails was build from the messages received by the authors over a period of time. Initially, the corpus consisted of 1563, but after eliminating the duplications automatically we kept only 673 files, totalising just over 373,000 tokens. In order to decide if the junk emails constitute a different genre, a comparison with a corpus of leaflets extracted from BNC and with the whole BNC corpus is carried out. Several characteristics at the lexical and grammatical levels were identified.

Spam campaign detection, analysis, and formalization

Les courriels Spams (courriels indésirables ou pourriels) imposent des coûts annuels extrêmement lourds en termes de temps, d’espace de stockage et d’argent aux utilisateurs privés et aux entreprises. Afin de lutter efficacement contre le problème des spams, il ne suffit pas d’arrêter les messages de spam qui sont livrés à la boîte de réception de l’utilisateur. Il est obligatoire, soit d’essayer de trouver et de persécuter les spammeurs qui, généralement, se cachent derrière des réseaux complexes de dispositifs infectés, ou d’analyser le comportement des spammeurs afin de trouver des stratégies de défense appropriées. Cependant, une telle tâche est difficile en raison des techniques de camouflage, ce qui nécessite une analyse manuelle des spams corrélés pour trouver les spammeurs. Pour faciliter une telle analyse, qui doit être effectuée sur de grandes quantités des courriels non classés, nous proposons une méthodologie de regroupement catégorique, nommé CCTree, permettant de diviser un grand volume de spams en des campagnes, et ce, en se basant sur leur similarité structurale. Nous montrons l’efficacité et l’efficience de notre algorithme de clustering proposé par plusieurs expériences. Ensuite, une approche d’auto-apprentissage est proposée pour étiqueter les campagnes de spam en se basant sur le but des spammeur, par exemple, phishing. Les campagnes de spam marquées sont utilisées afin de former un classificateur, qui peut être appliqué dans la classification des nouveaux courriels de spam. En outre, les campagnes marquées, avec un ensemble de quatre autres critères de classement, sont ordonnées selon les priorités des enquêteurs. Finalement, une structure basée sur le semiring est proposée pour la représentation abstraite de CCTree. Le schéma abstrait de CCTree, nommé CCTree terme, est appliqué pour formaliser la parallélisation du CCTree. Grâce à un certain nombre d’analyses mathématiques et de résultats expérimentaux, nous montrons l’efficience et l’efficacité du cadre proposé.