Phishing and Spear Phishing: examples in Cyber Espionage and techniques
to protect against them
- URL: http://arxiv.org/abs/2006.00577v1
- Date: Sun, 31 May 2020 18:10:09 GMT
- Title: Phishing and Spear Phishing: examples in Cyber Espionage and techniques
to protect against them
- Authors: Alessandro Ecclesie Agazzi
- Abstract summary: Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards.
This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome.
- Score: 91.3755431537592
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Phishing attacks have become the most used technique in the online scams,
initiating more than 91% of cyberattacks, from 2012 onwards. This study reviews
how Phishing and Spear Phishing attacks are carried out by the phishers,
through 5 steps which magnify the outcome, increasing the chance of success.
The focus will be also given on four different layers of protection against
these social engineering attacks, showing their strengths and weaknesses; the
first and second layers consist of automated tools and decision-aid tools. the
third one is users' knowledge and expertise to deal with potential threats. The
last layer, defined as "external", will underline the importance of having a
Multi-factor authentication, an effective way to provide an enhanced security,
creating a further layer of protection against Phishing and Spear Phishing.
Related papers
- Rethinking the Vulnerabilities of Face Recognition Systems:From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication.
Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning)
arXiv Detail & Related papers (2024-05-21T13:34:23Z) - Evaluating the Efficacy of Large Language Models in Identifying Phishing Attempts [2.6012482282204004]
Phishing, a prevalent cybercrime tactic for decades, remains a significant threat in today's digital world.
This paper aims to analyze the effectiveness of 15 Large Language Models (LLMs) in detecting phishing attempts.
arXiv Detail & Related papers (2024-04-23T19:55:18Z) - LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning [49.174341192722615]
Backdoor attack poses a significant security threat to Deep Learning applications.
Recent papers have introduced attacks using sample-specific invisible triggers crafted through special transformation functions.
We introduce a novel backdoor attack LOTUS to address both evasiveness and resilience.
arXiv Detail & Related papers (2024-03-25T21:01:29Z) - An Innovative Information Theory-based Approach to Tackle and Enhance The Transparency in Phishing Detection [23.962076093344166]
We propose an innovative deep learning-based approach for phishing attack localization.
Our method can not only predict the vulnerability of the email data but also automatically learn and figure out the most important and phishing-relevant information.
arXiv Detail & Related papers (2024-02-27T00:03:07Z) - Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor
Attacks in Federated Learning [102.05872020792603]
We propose an attack that anticipates and accounts for the entire federated learning pipeline, including behaviors of other clients.
We show that this new attack is effective in realistic scenarios where the attacker only contributes to a small fraction of randomly sampled rounds.
arXiv Detail & Related papers (2022-10-17T17:59:38Z) - An Overview of Phishing Victimization: Human Factors, Training and the
Role of Emotions [0.0]
Phishing is a form of cybercrime that allows criminals, phishers, to deceive end users in order to steal their confidential and sensitive information.
This paper explores the emotional factors that have been reported in previous studies to be significant in phishing victimization.
arXiv Detail & Related papers (2022-09-13T12:51:20Z) - Detecting Phishing Sites -- An Overview [0.0]
Phishing is one of the most severe cyber-attacks where researchers are interested to find a solution.
To minimize the damage caused by phishing must be detected as early as possible.
There are various phishing detection techniques based on white-list, black-list, content-based, URL-based, visual-similarity and machine-learning.
arXiv Detail & Related papers (2021-03-23T19:16:03Z) - Phishing Detection Using Machine Learning Techniques [0.0]
Phishers try to deceive their victims by social engineering or creating mock-up websites to steal information.
One of the most successful methods for detecting these malicious activities is Machine Learning.
In this paper, we compared the results of multiple machine learning methods for predicting phishing websites.
arXiv Detail & Related papers (2020-09-20T11:52:52Z) - Adversarial Machine Learning Attacks and Defense Methods in the Cyber
Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z) - On Certifying Robustness against Backdoor Attacks via Randomized
Smoothing [74.79764677396773]
We study the feasibility and effectiveness of certifying robustness against backdoor attacks using a recent technique called randomized smoothing.
Our results show the theoretical feasibility of using randomized smoothing to certify robustness against backdoor attacks.
Existing randomized smoothing methods have limited effectiveness at defending against backdoor attacks.
arXiv Detail & Related papers (2020-02-26T19:15:46Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.