Week 7.3 Semantic Attacks - Spear Phishing
Privacy and Security in Online Social Media
Course on NPTEL NOC-CS07 Week 7.3
Ponnurangam Kumaraguru (“PK”), Associate Professor
ACM Distinguished Speaker, fb/ponnurangam.kumaraguru, @ponguru
Semantic Attacks
⚫“Target the way we, as humans, assign meaning to content.”
⚫System and mental model
http://groups.csail.mit.edu/uid/projects/phishing/proposal.pdf
Security attacks
[Figure: classification of security attacks. Labels on the diagram: Physical, Semantic, Syntactic; Phishing, Mules, Nigerian; Verification, Security alert, Update info; Paypal, Amazon, eBay, BOA; Mortgage; Semantic attacks]
Subject: eBay: Urgent Notification From Billing Department
Features in the email
We regret to inform you that you eBay account could be suspended if you don’t update your account information.
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&sid=verify&co_partnerid=2&sidteid=0
Website to collect information
http://www.kusi.org/hcr/eBay/ws23/eBayISAPI.htm
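The gap these slides show, a link displayed as signin.ebay.com while the page that collects the information is hosted elsewhere, can be checked mechanically. The following is an added example, not part of the lecture: the HTML is constructed around the two URLs on the slides, and the function and field names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body: the link text and the target are the two URLs
# from the slides; the surrounding HTML and the second link are made up.
SAMPLE_EMAIL = """<p>Update your account information:</p>
<a href="http://www.kusi.org/hcr/eBay/ws23/eBayISAPI.htm">https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&amp;sid=verify&amp;co_partnerid=2&amp;sidteid=0</a>
<a href="https://www.ebay.com/">Help</a>"""

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # urlsplit only fills in hostname when the URL has a scheme or leading //
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def deceptive_links(html):
    """Flag anchors whose visible text is a URL on a different host than the href."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown = text.split()[0].lower() if text else ""
        if not shown.startswith(("http://", "https://", "www.")):
            continue  # text is not presented as a URL, nothing to compare
        if host(shown) != host(href):
            findings.append({
                "shown": host(shown),
                "actual": host(href),
                # the text promises https while the real target is plain http
                "https_shown_http_actual": shown.startswith("https://")
                and urlsplit(href).scheme == "http",
            })
    return findings

if __name__ == "__main__":
    print(deceptive_links(SAMPLE_EMAIL))
```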
Phishing Cost
Types of Phishing Attacks
⚫Phishing
⚫Context-aware phishing / spear phishing
⚫Whaling
⚫Vishing
⚫Smsishing
⚫Social Phishing?
Until now, work that we have seen?
⚫Using voters database
⚫Using Medical health database
⚫Using Pictures from FB
Goal
⚫To see how phishing attacks can be performed by collecting personal information from social networks
  -How easily or effectively can a phisher use this information?
Methodology
⚫Collected publicly available personal information using simple tools like Perl LWP library
⚫Correlated this data with IU’s address book database
⚫Launched in April 2005
⚫Age between 18 – 24
Control Vs. Experiment
⚫Control: The email came from an IU email ID, but from an unknown person
⚫Experiment: From a friend in IU
Methodology
⚫ Blogging, social network, and other public data is harvested
⚫ Data is correlated and stored in a relational database
⚫ Heuristics are used to craft spoofed email message by Eve “as Alice” to Bob (a friend)
⚫Message is sent to Bob
⚫ Bob follows the link contained within the email message and is sent to an unchecked redirect
⚫ Bob is sent to attacker whuffo.com site
⚫ Bob is prompted for his University credentials
⚫ Bob’s credentials are verified with the University authenticator
⚫ a. Bob is successfully phished
⚫ b. Bob is not phished in this session; he could try again.
Victims
⚫Control group high – sender email ID was IU
⚫Experimental condition consistent with other studies
Success rate
⚫70% authentications in first 12 hrs
⚫Takedown has to be successful
Repeated authentications
⚫ Subject tried multiple times
⚫ Tried again because “overload” message was shown
⚫ Lower bound of users to fall, continued to be deceived
⚫ Some tried 80 times
Gender
⚫18,294 Ms and 19,527 Fs
⚫Overall F more victims
⚫More successful if it came from opposite gender
⚫F to M (13%) was more effective than M to F (2%)
⚫Younger targets more vulnerable
⚫All majors significant difference between control and experimental
⚫Max difference in Science
⚫Technology lowest #satisfying ☺
Reactions
⚫Anger
  -Unethical, inappropriate, illegal, fraudulent
  -Researchers fired
  -Psychological cost
⚫Denial
  -Nobody accepted that they fell for it
  -Admitting our vulnerability is hard
⚫Misunderstanding over spoofing emails
⚫Underestimation of publicly available information
Conclusions
⚫Extensive educational campaigns
⚫Browser solutions
⚫Digitally signed emails
⚫OSM provides a lot more information for making the attack successful
References
⚫http://markus-jakobsson.com/papers/jakobsson-commacm07.pdf
⚫http://www.mpi-sws.org/~farshad/TwitterLinkfarming.pdf
⚫www.isical.ac.in/~acmsc/TMW2014/N_ganguly.ppt