Scaling and Effectiveness of Email Masquerade Attacks

Autor: Omprakash Gnawali, Rakesh M. Verma, Shahryar Baki, Arjun Mukherjee
Rok vydání: 2017
Předmět:
Zdroj: AsiaCCS
DOI: 10.1145/3052973.3053037
Popis: We focus on email-based attacks, a rich field with well-publicized consequences. We show how current Natural Language Generation (NLG) technology allows an attacker to generate masquerade attacks on scale, and study their effectiveness with a within-subjects study. We also gather insights on what parts of an email do users focus on and how users identify attacks in this realm, by planting signals and also by asking them for their reasoning. We find that: (i) 17% of participants could not identify any of the signals that were inserted in emails, and (ii) Participants were unable to perform better than random guessing on these attacks. The insights gathered and the tools and techniques employed could help defenders in: (i) implementing new, customized anti-phishing solutions for Internet users including training next-generation email filters that go beyond vanilla spam filters and capable of addressing masquerade, (ii) more effectively training and upgrading the skills of email users, and (iii) understanding the dynamics of this novel attack and its ability of tricking humans.
Databáze: OpenAIRE