detecting deceptive patterns in phishing emails - … · detecting deceptive patterns in phishing...
TRANSCRIPT
Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez
Advisers: Lauren M. Stuart, Drs. Julia M. Taylor and Victor Raskin Problem Statement
Identify cues for/patterns of deception within phishing emails to help users detect deceptive requests
This material is based upon work supported by the National Science Foundation under grant #1062970. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
Threatening
Account Irregularities
Assurance
Spelling Errors
Phishing
Valid
Motivation • Email users become more
aware of phishing emails • Prevents private data from
being accessed by unauthorized users
• Saves individuals and corporations a lot of money
During the 1st quarter of 2014 the Anti-Phishing Work Group reported an increase of 6,941 unique phishing email reports from January to March.
What Has Been Done?
Lexical Analysis
Part-of-Speech Tagging
Named Entity Recognition
Normalization of Words to Lower Case
Stemming
Stop Word Removal
TF-IDF
Header Analysis
Text Analysis
IP-Based URLs
Age of Linked-to Domain
HTML Email
Number of Links
Number of Dots
Redirecting Site
January February March Number of unique phishing websites detected
42,828 38,175 44,212
Number of unique phishing e-mail (campaigns) received by APWG from consumers
53,984 56,883 60,925
Number of brands targeted by phishing campaigns
384 355 362
Country hosting the most phishing websites
USA USA USA
PhishNet-NLP PLIFER Tools
Start
Assurance “We have the best security systems”
Unable to Process
Information “Error in your
billing information”
False Information “We have your
credit card info.”
No Reason Given
Threatening “Account
Suspension”
Assurance End
Repetition of Statements
Irregularities in Account
“1 or more attempts to login”
Dear valued PayPalï ¿ 1\/2 member : PayPalï ¿ 1\/2 is committed to maintaining a safe environment for its community of buyers and sellers . To protect the security of your account , PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity . Recently , our Account Review Team identified some unusual activity in your account . In accordance with PayPal 's User Agreement and to ensure that your account has not been compromised , access to your account was limited . Your account access will remain limited until this issue has been resolved . This is a fraud prevention measure meant to ensure that your account is not compromised . In order to secure your account and quickly restore full access , we may require some specific information from you for the following reason : We would like to ensure that your account was not accessed by an unauthorized third party . Because protecting the security of your account is our primary concern , we have limited access to sensitive PayPal account features .
Pattern Organization
Anti Phishing 1st Quarter Report for 2014
Part of Sample of a Phishing Email