Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Institution
Articles 1 - 7 of 7
Full-Text Articles in Physical Sciences and Mathematics
Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution, Marco Casagrande, Mauro Conti, Monica Fedeli, Eleonora Losiouk
Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution, Marco Casagrande, Mauro Conti, Monica Fedeli, Eleonora Losiouk
Journal of Cybersecurity Education, Research and Practice
Phishing is a common social engineering attack aimed to steal personal information. Universities attract phishing attacks because: 1) they store employees and students sensitive data, 2) they save confidential documents, 3) their infrastructures often lack security. In this paper, we showcase a phishing assessment at the University of Redacted aimed to identify the people, and the features of such people, that are more susceptible to phishing attacks. We delivered phishing emails to 1.508 subjects in three separate batches, collecting a clickrate equal to 30%, 11% and 13%, respectively. We considered several features (i.e., age, gender, role, working/studying field, email template) …
Phishing Detection Using Natural Language Processing And Machine Learning, Apurv Mittal, Dr Daniel Engels, Harsha Kommanapalli, Ravi Sivaraman, Taifur Chowdhury
Phishing Detection Using Natural Language Processing And Machine Learning, Apurv Mittal, Dr Daniel Engels, Harsha Kommanapalli, Ravi Sivaraman, Taifur Chowdhury
SMU Data Science Review
Phishing emails are a primary mode of entry for attackers into an organization. A successful phishing attempt leads to unauthorized access to sensitive information and systems. However, automatically identifying phishing emails is often difficult since many phishing emails have composite features such as body text and metadata that are nearly indistinguishable from valid emails. This paper presents a novel machine learning-based framework, the DARTH framework, that characterizes and combines multiple models, with one model for each composite feature, that enables the accurate identification of phishing emails. The framework analyses each composite feature independently utilizing a multi-faceted approach using Natural Language …
Gophish: Implementing A Real-World Phishing Exercise To Teach Social Engineering, Andy Luse, Jim Burkman
Gophish: Implementing A Real-World Phishing Exercise To Teach Social Engineering, Andy Luse, Jim Burkman
Journal of Cybersecurity Education, Research and Practice
Social engineering is a large problem in our modern technological world, but while conceptually understood, it is harder to teach compared to traditional pen testing techniques. This research details a class project where students implemented a phishing exercise against real-world targets. Through cooperation with an external corporate partner, students learned the legal, technical, behavioral, analysis, and reporting aspects of social engineering. The outcome provided both usable data for a real-world corporation as well as valuable educational experience for the students.
Phishing And Cybercrime Risks In A University Student Community, Roderic Broadhurst, Katie Skinner, Nicholas Sifniotis, Bryan Matamoros-Macias, Yuguang Ipsen
Phishing And Cybercrime Risks In A University Student Community, Roderic Broadhurst, Katie Skinner, Nicholas Sifniotis, Bryan Matamoros-Macias, Yuguang Ipsen
International Journal of Cybersecurity Intelligence & Cybercrime
In an exploratory quasi-experimental observational study, 138 participants recruited during a university orientation week were exposed to social engineering directives in the form of fake email or phishing attacks over several months in 2017. These email attacks attempted to elicit personal information from participants or entice them into clicking links which may have been compromised in a real-world setting. The study aimed to determine the risks of cybercrime for students by observing their responses to social engineering and exploring attitudes to cybercrime risks before and after the phishing phase. Three types of scam emails were distributed that varied in the …
Using A Game To Improve Phishing Awareness, Patrickson Weanquoi, Jaris Johnson, Jinghua Zhang
Using A Game To Improve Phishing Awareness, Patrickson Weanquoi, Jaris Johnson, Jinghua Zhang
Journal of Cybersecurity Education, Research and Practice
Cybersecurity education has become increasingly critical as we spend more of our everyday lives online. Research shows that college students are mostly unaware of the many online dangers. To teach students about cybersecurity using their preferred medium, gaming, we developed an educational 2D game called “Bird’s Life” that aims to teach college students, as well as general interest individuals, about phishing. Players will come to understand phishing attacks and how to avoid them in real-world scenarios through a fun gaming context. The game can be deployed to multiple platforms such as PC, web, and mobile devices. To measure the effect …
Automated Man-In-The-Middle Attack Against Wi‑Fi Networks, Martin Vondráček, Jan Pluskal, Ondřej Ryšavý
Automated Man-In-The-Middle Attack Against Wi‑Fi Networks, Martin Vondráček, Jan Pluskal, Ondřej Ryšavý
Journal of Digital Forensics, Security and Law
Currently used wireless communication technologies suffer security weaknesses that can be exploited allowing to eavesdrop or to spoof network communication. In this paper, we present a practical tool that can automate the attack on wireless security. The developed package called wifimitm provides functionality for the automation of MitM attacks in the wireless environment. The package combines several existing tools and attack strategies to bypass the wireless security mechanisms, such as WEP, WPA, and WPS. The presented tool can be integrated into a solution for automated penetration testing. Also, a popularization of the fact that such attacks can be easily automated …
Reeling In Big Phish With A Deep Md5 Net, Brad Wardman, Gary Warner, Heather Mccalley, Sarah Turner, Anthony Skjellum
Reeling In Big Phish With A Deep Md5 Net, Brad Wardman, Gary Warner, Heather Mccalley, Sarah Turner, Anthony Skjellum
Journal of Digital Forensics, Security and Law
Phishing continues to grow as phishers discover new exploits and attack vectors for hosting malicious content; the traditional response using takedowns and blacklists does not appear to impede phishers significantly. A handful of law enforcement projects — for example the FBI's Digital PhishNet and the Internet Crime and Complaint Center (ic3.gov) — have demonstrated that they can collect phishing data in substantial volumes, but these collections have not yet resulted in a significant decline in criminal phishing activity. In this paper, a new system is demonstrated for prioritizing investigative resources to help reduce the time and effort expended examining this …