Article

Behind phishing: an examination of phisher modi operandi

Authors:

D. Kevin McGrath,

Minaxi GuptaAuthors Info & Claims

LEET'08: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats

Article No.: 4, Pages 1 - 8

Published: 15 April 2008 Publication History

Abstract

Phishing costs Internet users billions of dollars a year. Using various data sets collected in real-time, this paper analyzes various aspects of phisher modi operandi. We examine the anatomy of phishing URLs and domains, registration of phishing domains and time to activation, and the machines used to host the phishing sites. Our findings can be used as heuristics in filtering phishing-related emails and in identifying suspicious domain registrations.

References

[1]

Greg Aaron, Dmitri Alperovitch, and Laura Mather. The relationship of phishing and domain tasting. White Paper, September 2007.

[2]

David S. Anderson, Chris Fleizach, Stefan Savage, and Geoffrey M. Voelker. Spamscatter: Characterizing internet scam hosting infrastructure. In USENIX Security, 2007.

Digital Library

[3]

APWG. Anti-phishing working group. Electronic, 2008.

[4]

Lorrie Cranor, Serge Egelman, Jason Hong, and Yue Zhang. Phinding phish: An evaluation of antiphishing toolbars. In Network & Distributed System Security (NDSS) Symposium, 2007.

[5]

Rachna Dhamija, J. D. Tygar, and Marti Hearst. Why phishing works. In ACM Computer/Human Interaction Conference (CHI), 2006.

Digital Library

[6]

Ian Fette, Norman Sadeh, and Anthony Tomasic. Learning to detect phishing emails. In ACM International conference on World Wide Web (WWW), 2007.

Digital Library

[7]

Mozilla Foundation. Public suffix list. http://publicsuffix.org/list/, 2008.

[8]

Sujata Garera, Niels Provos, Monica Chew, and Aviel D. Rubin. A framework for detection and measurement of phishing attacks. In ACM Workshop on Recurring Malcode (WORM), 2007.

Digital Library

[9]

Gilby Productions. TinyURL. http://tinyurl.com/.

[10]

Alex Goldman. Top 23 U.S. ISPs by subscriber: Q3 2007. http://www.ispplanet.com/research/rankings/usa.html, 2007.

[11]

G. Goth. Phishing attacks rising, but dollar losses down. IEEE Security & Privacy, 3(1):8-, Jan.-Feb. 2005.

Digital Library

[12]

Hexasoft Development Sdn. Bhd. IP2Location geolocation service. http://www.ip2location.com/, February 2008.

[13]

ICANN Security and Stability Advisory Committee. SAC advisory on fast flux hosting and DNS. http://www.icann.org/committees/security/sac025.pdf, January 2008.

[14]

Christian Ludl, Sean McAllister, Engin Kirda, and Christopher Kruegel. On the effectiveness of techniques to detect phishing sites. In DIMVA, 2007.

Digital Library

[15]

MarkMonitor, Inc. http://www.markmonitor.com, 2008.

[16]

Tom McCall. Gartner survey shows phishing attacks escalated in 2007. http://www.gartner.com/it/page.jsp?id=565125, December 2007.

[17]

Tyler Moore and Richard Clayton. An Empirical Analysis of the Current State of Phishing Attack and Defence. In Workshop on the Economics of Information Security, 2007.

[18]

Netscape. Open directory project. http://www.dmoz.org.

[19]

Palin Ningthoujam. Url toolbox: 90+ url shortening services. http://mashable.com/2008/01/08/urlshortening-services/.

[20]

OpenDNS. PhishTank. http://www.phishtank.com/, 2008.

[21]

Anirudh Ramachandran and Nick Feamster. Understanding the network-level behavior of spammers. In ACM SIGCOMM, 2006.

Digital Library

[22]

Anirudh Ramachandran, Nick Feamster, and Santosh Vempala. Filtering spam with behavioral blacklisting. In ACM Conference on Computer and Communications Security (CCS), 2007.

Digital Library

[23]

Zulfikar Ramzan and Candid Wüest. Phishing attacks: Analyzing trends in 2006. In Conference on Email and Anti-Spam (CEAS), 2007.

[24]

RSA Security. Phishing special report: What we can expect for 2007. White Paper, 2006.

[25]

Craig Shue, Andrew Kalafut, and Minaxi Gupta. The Web is Smaller than it Seems. ACM SIGCOMM Internet Measurement Conference (IMC), 2007.

Digital Library

[26]

VeriSign. The domain name industry brief. http://www.verisign.com/static/043194.pdf.

[27]

Mark W. Is Google bringing an end to domain tasting? http://www.workboxers.com/2008/01/25/isgoogle-bringing-an-end-to-domain-tasting/.

[28]

Liu Wenyin, Guanglin Huang, Liu Xiaoyue, Zhang Min, and Xiaotie Deng. Detection of phishing web-pages based on visual similarity. In Special interest tracks and posters of the ACM International Conference on World Wide Web (WWW), New York, NY, USA, 2005.

Digital Library

[29]

Y. Zhang, J. Hong, and L. Cranor. Cantina: A content-based approach to detecting phishing web sites. In ACM International Conference on World Wide Web (WWW), 2007.

Digital Library

Cited By

Huang CHao SInvernizzi LLiu JFang YKruegel CVigna GKarri RSinanoglu OSadeghi AYi X(2017)GossipProceedings of the 2017 ACM on Asia Conference on Computer and Communications Security10.1145/3052973.3053017(494-505)Online publication date: 2-Apr-2017
https://dl.acm.org/doi/10.1145/3052973.3053017
Aleroud AZhou L(2017)Phishing environments, techniques, and countermeasuresComputers and Security10.1016/j.cose.2017.04.00668:C(160-196)Online publication date: 1-Jul-2017
https://dl.acm.org/doi/10.1016/j.cose.2017.04.006
Han XKheir NBalzarotti DWeippl EKatzenbeisser SKruegel CMyers AHalevi S(2016)PhishEyeProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security10.1145/2976749.2978330(1402-1413)Online publication date: 24-Oct-2016
https://dl.acm.org/doi/10.1145/2976749.2978330
Show More Cited By

Index Terms

Behind phishing: an examination of phisher modi operandi

Recommendations

How Experts Detect Phishing Scam Emails
CSCW

Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduce the number of phishing emails ...
A Sender-Centric Approach to Detecting Phishing Emails
CYBERSECURITY '12: Proceedings of the 2012 International Conference on Cyber Security

Email-based online phishing is a critical security threat on the Internet. Although phishers have great flexibility in manipulating both the content and structure of phishing emails, phishers have much less flexibility in completely concealing the ...
Phishing and Penetrating Attacks Volume 1 Anti Phishing Training CyberE-security: Cyber E-security Level 101 Make yourself safe on the internet

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

LEET'08: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats

April 2008

96 pages

Editor:
Fabian Monrose
Johns Hopkins University

Publisher

USENIX Association

United States

Publication History

Published: 15 April 2008

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

24
Total Citations
View Citations
2
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Huang CHao SInvernizzi LLiu JFang YKruegel CVigna GKarri RSinanoglu OSadeghi AYi X(2017)GossipProceedings of the 2017 ACM on Asia Conference on Computer and Communications Security10.1145/3052973.3053017(494-505)Online publication date: 2-Apr-2017
https://dl.acm.org/doi/10.1145/3052973.3053017
Aleroud AZhou L(2017)Phishing environments, techniques, and countermeasuresComputers and Security10.1016/j.cose.2017.04.00668:C(160-196)Online publication date: 1-Jul-2017
https://dl.acm.org/doi/10.1016/j.cose.2017.04.006
Han XKheir NBalzarotti DWeippl EKatzenbeisser SKruegel CMyers AHalevi S(2016)PhishEyeProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security10.1145/2976749.2978330(1402-1413)Online publication date: 24-Oct-2016
https://dl.acm.org/doi/10.1145/2976749.2978330
Bulakh VGupta MVerma RRusinowitch MVerma R(2016)Countering Phishing from Brands' Vantage PointProceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics10.1145/2875475.2875478(17-24)Online publication date: 11-Mar-2016
https://dl.acm.org/doi/10.1145/2875475.2875478
Sun JChen A(2016)Effects of integrating dynamic concept maps with Interactive Response System on elementary school students' motivation and learning outcomeComputers & Education10.1016/j.compedu.2016.08.002102:C(117-127)Online publication date: 1-Nov-2016
https://dl.acm.org/doi/10.1016/j.compedu.2016.08.002
Liu SFoster ISavage SVoelker GSaul LCho KFukuda KPai VSpring N(2015)Who is .com?Proceedings of the 2015 Internet Measurement Conference10.1145/2815675.2815693(369-380)Online publication date: 28-Oct-2015
https://dl.acm.org/doi/10.1145/2815675.2815693
Verma RDyer KPark JSquicciarini A(2015)On the Character of Phishing URLsProceedings of the 5th ACM Conference on Data and Application Security and Privacy10.1145/2699026.2699115(111-122)Online publication date: 2-Mar-2015
https://dl.acm.org/doi/10.1145/2699026.2699115
Huang DXu KPei J(2014)Malicious URL detection by dynamically mining patterns without pre-defined elementsWorld Wide Web10.1007/s11280-013-0250-417:6(1375-1394)Online publication date: 1-Nov-2014
https://dl.acm.org/doi/10.1007/s11280-013-0250-4
Maggi FFrossi AZanero SStringhini GStone-Gross BKruegel CVigna GSchwabe DAlmeida VGlaser HBaeza-Yates RMoon S(2013)Two years of short URLs internet measurementProceedings of the 22nd international conference on World Wide Web10.1145/2488388.2488463(861-872)Online publication date: 13-May-2013
https://dl.acm.org/doi/10.1145/2488388.2488463
Yadav SReddy AReddy ARanjan S(2012)Detecting algorithmically generated domain-flux attacks with DNS traffic analysisIEEE/ACM Transactions on Networking10.5555/2428696.242872220:5(1663-1677)Online publication date: 1-Oct-2012
https://dl.acm.org/doi/10.5555/2428696.2428722
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Table of Contents