Scaling and Effectiveness of Email Masquerade Attacks
Autor: | Omprakash Gnawali, Rakesh M. Verma, Shahryar Baki, Arjun Mukherjee |
---|---|
Rok vydání: | 2017 |
Předmět: |
World Wide Web
Computer science 020204 information systems Email address harvesting 0202 electrical engineering electronic engineering information engineering Email authentication Natural language generation 020201 artificial intelligence & image processing 02 engineering and technology Computer security computer.software_genre computer |
Zdroj: | AsiaCCS |
DOI: | 10.1145/3052973.3053037 |
Popis: | We focus on email-based attacks, a rich field with well-publicized consequences. We show how current Natural Language Generation (NLG) technology allows an attacker to generate masquerade attacks on scale, and study their effectiveness with a within-subjects study. We also gather insights on what parts of an email do users focus on and how users identify attacks in this realm, by planting signals and also by asking them for their reasoning. We find that: (i) 17% of participants could not identify any of the signals that were inserted in emails, and (ii) Participants were unable to perform better than random guessing on these attacks. The insights gathered and the tools and techniques employed could help defenders in: (i) implementing new, customized anti-phishing solutions for Internet users including training next-generation email filters that go beyond vanilla spam filters and capable of addressing masquerade, (ii) more effectively training and upgrading the skills of email users, and (iii) understanding the dynamics of this novel attack and its ability of tricking humans. |
Databáze: | OpenAIRE |
Externí odkaz: |