Targeted Attacks: Redefining Spear Phishing and Business Email Compromise

• URL: http://arxiv.org/abs/2309.14166v1
• Date: Mon, 25 Sep 2023 14:21:59 GMT
• Title: Targeted Attacks: Redefining Spear Phishing and Business Email Compromise
• Authors: Sarah Wassermann, Maxime Meyer, Sébastien Goutal, Damien Riquet,
• Abstract summary: Some rare, severely damaging email threats - known as spear phishing or Business Email Compromise - have emerged. We describe targeted-attack-detection techniques as well as social-engineering methods used by fraudsters. We present text-based attacks - with textual content as malicious payload - and compare non-targeted and targeted variants.
• Score: 0.17175834535889653
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: In today's digital world, cybercrime is responsible for significant damage to organizations, including financial losses, operational disruptions, or intellectual property theft. Cyberattacks often start with an email, the major means of corporate communication. Some rare, severely damaging email threats - known as spear phishing or Business Email Compromise - have emerged. However, the literature disagrees on their definition, impeding security vendors and researchers from mitigating targeted attacks. Therefore, we introduce targeted attacks. We describe targeted-attack-detection techniques as well as social-engineering methods used by fraudsters. Additionally, we present text-based attacks - with textual content as malicious payload - and compare non-targeted and targeted variants.

Related papers

• Characterizing the Networks Sending Enterprise Phishing Emails [3.6005071324152227]
  Phishing attacks on enterprise employees present one of the most costly and potent threats to organizations. We draw on a dataset spanning one year across thousands of enterprises, billions of emails, and over 800,000 delivered phishing attacks. We find that over one-third of the phishing email in our dataset originates from highly reputable networks, including Amazon and Microsoft.
  arXiv  Detail & Related papers  (2024-12-16T23:15:40Z)
• SpearBot: Leveraging Large Language Models in a Generative-Critique Framework for Spear-Phishing Email Generation [9.322176274376774]
  Large Language Models (LLMs) are increasingly capable, aiding in tasks such as content generation. This paper proposes an adversarial framework, SpearBot, to generate spear-phishing emails.
  arXiv  Detail & Related papers  (2024-12-15T08:13:12Z)
• Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks [82.3753728955968]
  We introduce a novel Mixture-of-Experts (MoE)-based SemCom system. This system comprises a gating network and multiple experts, each specializing in different security challenges. The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements. A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
  arXiv  Detail & Related papers  (2024-09-24T03:17:51Z)
• Evaluating the Efficacy of Large Language Models in Identifying Phishing Attempts [2.6012482282204004]
  Phishing, a prevalent cybercrime tactic for decades, remains a significant threat in today's digital world. This paper aims to analyze the effectiveness of 15 Large Language Models (LLMs) in detecting phishing attempts.
  arXiv  Detail & Related papers  (2024-04-23T19:55:18Z)
• A framework for securing email entrances and mitigating phishing impersonation attacks [0.0]
  This work intends to protect users' email composition and settings. A secure code is applied to the composition send button to curtail insider impersonation attack. Also, to secure open applications on public and private devices.
  arXiv  Detail & Related papers  (2023-12-07T07:28:34Z)
• A Serious Game for Simulating Cyberattacks to Teach Cybersecurity [0.3149883354098941]
  Traditional training methods have proven to be less effective over time. In this paper we suggest an alternative approach -- a serious game. Our game explains the intention of each attack and shows the consequences of a successful attack.
  arXiv  Detail & Related papers  (2023-05-04T08:04:24Z)
• Zero-Query Transfer Attacks on Context-Aware Object Detectors [95.18656036716972]
  Adversarial attacks perturb images such that a deep neural network produces incorrect classification results. A promising approach to defend against adversarial attacks on natural multi-object scenes is to impose a context-consistency check. We present the first approach for generating context-consistent adversarial attacks that can evade the context-consistency check.
  arXiv  Detail & Related papers  (2022-03-29T04:33:06Z)
• A Targeted Attack on Black-Box Neural Machine Translation with Parallel Data Poisoning [60.826628282900955]
  We show that targeted attacks on black-box NMT systems are feasible, based on poisoning a small fraction of their parallel training data. We show that this attack can be realised practically via targeted corruption of web documents crawled to form the system's training data. Our results are alarming: even on the state-of-the-art systems trained with massive parallel data, the attacks are still successful (over 50% success rate) under surprisingly low poisoning budgets.
  arXiv  Detail & Related papers  (2020-11-02T01:52:46Z)
• Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
  arXiv  Detail & Related papers  (2020-07-05T18:22:40Z)
• Phishing and Spear Phishing: examples in Cyber Espionage and techniques to protect against them [91.3755431537592]
  Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards. This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome.
  arXiv  Detail & Related papers  (2020-05-31T18:10:09Z)
• Deflecting Adversarial Attacks [94.85315681223702]
  We present a new approach towards ending this cycle where we "deflect" adversarial attacks by causing the attacker to produce an input that resembles the attack's target class. We first propose a stronger defense based on Capsule Networks that combines three detection mechanisms to achieve state-of-the-art detection performance.
  arXiv  Detail & Related papers  (2020-02-18T06:59:13Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.