DOI: 10.1145/3366030.3366086
short-paper

A Design of an Anti-Phishing Training System Collaborated with Multiple Organizations

Published: 22 February 2020

    Abstract

    Phishing is a dangerous threat to organizations. The sender of a phishing email pretends to be a trusted person in order to steal valuable information, including personal identity data and credentials. If a large number of attack emails are sent to a targeted organization, many of its members will have valuable information stolen. As a result, there are cases where the damage spreads through attack techniques in which targeted attack emails are sent in a chain from a victim's account to other organizations. It is difficult for a single organization to defend against such an attack alone. In this paper, we design a system that can quickly share information about phishing attack emails and perform anti-phishing training across multiple organizations. The system semi-automatically detoxifies and anonymizes attack emails received by an organization and shares them with multiple organizations. Each organization can then perform semi-automatic and continuous anti-phishing training using current attack information.

    Published In

    iiWAS2019: Proceedings of the 21st International Conference on Information Integration and Web-based Applications & Services
    December 2019
    709 pages
    In-Cooperation

    • JKU: Johannes Kepler Universität Linz
    • @WAS: International Organization of Information Integration and Web-based Applications and Services

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Anti-phishing Awareness Training
    2. E-learning
    3. Phishing
    4. Phishing Emails
    5. Phishing Sites

    Qualifiers

    • Short-paper
    • Research
    • Refereed limited

    Conference

    iiWAS2019
