From fishing to phishing

Elmer Evert Hendrik Lastdrager

Research output: Thesis › PhD Thesis - Research UT, graduation UT › Academic

355 Downloads (Pure)

Abstract

Phishing is one of the many types of cybercrime targeting internet users. A phishing message is sent with the aim to obtain information from a potential victim. One of the reasons phishing is popular has to do with the connectivity that the internet provides. A message can be spread to thousands of recipients with little effort and at negligible cost. A successful phishing attack can lead to identity theft and loss of money for the victims. When an organisation is targeted, phishing can lead to, among other things, compromised network security and stolen intellectual property.

Phishing is highly scalable. On the other side of the scalability spectrum are less scalable modus operandi. We categorise less scalable methods as “fishing for information”. In this thesis, we aim to explore the spectrum of scalability. This thesis uses a socio-technical approach, describing both experiments and technical perspectives on “fishing” and phishing.

This thesis starts by exploring definitions of phishing in the literature and analysing their concepts. This provides us with a foundation of what constitutes phishing. Building on the definition, we explore two modus operandi that are less scalable than phishing, using USB keys and QR codes. We focus on measuring attack effectiveness on the boundary between the physical world (i.e., objects on the floor) and the digital world (i.e., getting a computer virus). By quantifying the effectiveness of an attack using experiments, we investigate the feasibility of less scalable attacks. Then, we investigate the thought patterns that potential victims use to assess a phishing email. These thought patterns, or heuristics, determine whether a recipient of phishing becomes a victim or not. Knowledge of people’s thought patterns can be used to improve user training. Subsequently, we created an anti-phishing training to be provided to children. We show that training children is feasible and increases their ability to detect phishing in the short term.

Finally, we performed a large-scale analysis of phishing emails in the Netherlands. We discuss patterns in terms of both attacker behaviour and recipient behaviour. Our results demonstrate the effectiveness of phishing with different degrees of scalability. Less scalable methods of attack require more effort on the part of the attacker, but provide higher effectiveness. More scalable attacks provide lower success rates, but require less effort than less scalable attacks. The contributions in this thesis allow researchers and security professionals to better understand the dynamic nature of phishing.
Original language: English
Awarding Institution
  • University of Twente
Supervisors/Advisors
  • Hartel, Pieter Hendrik, Supervisor
  • Junger, Marianne, Supervisor
Award date: 9 Feb 2018
Place of Publication: Enschede
Publisher: University of Twente
Print ISBN: 978-90-365-4479-5
DOI: 10.3990/1.9789036544795
Publication status: Published - 9 Feb 2018

Cite this

Lastdrager, E. E. H. (2018). From fishing to phishing. Enschede: University of Twente. https://doi.org/10.3990/1.9789036544795
Lastdrager, Elmer Evert Hendrik. / From fishing to phishing. Enschede : University of Twente, 2018. 204 p.