Exploring Content Concealment in Email

• URL: http://arxiv.org/abs/2410.11169v1
• Date: Tue, 15 Oct 2024 01:12:47 GMT
• Title: Exploring Content Concealment in Email
• Authors: Lucas Betts, Robert Biddle, Danielle Lottridge, Giovanni Russello,
• Abstract summary: Modern email filters, one of our few defence mechanisms against malicious emails, are often circumvented by sophisticated attackers. This study focuses on how attackers exploit HTML and CSS in emails to conceal arbitrary content. This concealed content remains undetected by the recipient, presenting a serious security risk.
• Score: 0.48748194765816943
• License:
• Abstract: The never-ending barrage of malicious emails, such as spam and phishing, is of constant concern for users, who rely on countermeasures such as email filters to keep the intended recipient safe. Modern email filters, one of our few defence mechanisms against malicious emails, are often circumvented by sophisticated attackers. This study focuses on how attackers exploit HTML and CSS in emails to conceal arbitrary content, allowing for multiple permutations of a malicious email, some of which may evade detection by email filters. This concealed content remains undetected by the recipient, presenting a serious security risk. Our research involved developing and applying an email sampling and analysis procedure to a large-scale dataset of unsolicited emails. We then identify the sub-types of concealment attackers use to conceal content and the HTML and CSS tricks employed.

Related papers

• Eyes on the Phish(er): Towards Understanding Users' Email Processing Pattern and Mental Models in Phishing Detection [0.4543820534430522]
  This study examines how workload affects susceptibility to phishing. We use eye-tracking technology to observe participants' reading patterns and interactions with phishing emails. Our results provide concrete evidence that attention to the email sender can reduce phishing susceptibility.
  arXiv  Detail & Related papers  (2024-09-12T02:57:49Z)
• Different Victims, Same Layout: Email Visual Similarity Detection for Enhanced Email Protection [0.3683202928838613]
  We propose an email visual similarity detection approach, named Pisco, to improve the detection capabilities of an email threat defense system. Our results show that email kits are being reused extensively and visually similar emails are sent to our customers at various time intervals.
  arXiv  Detail & Related papers  (2024-08-29T23:51:51Z)
• ChatSpamDetector: Leveraging Large Language Models for Effective Phishing Email Detection [2.3999111269325266]
  This study introduces ChatSpamDetector, a system that uses large language models (LLMs) to detect phishing emails. By converting email data into a prompt suitable for LLM analysis, the system provides a highly accurate determination of whether an email is phishing or not. We conducted an evaluation using a comprehensive phishing email dataset and compared our system to several LLMs and baseline systems.
  arXiv  Detail & Related papers  (2024-02-28T06:28:15Z)
• Prompted Contextual Vectors for Spear-Phishing Detection [45.07804966535239]
  Spear-phishing attacks present a significant security challenge. We propose a detection approach based on a novel document vectorization method. Our method achieves a 91% F1 score in identifying LLM-generated spear-phishing emails.
  arXiv  Detail & Related papers  (2024-02-13T09:12:55Z)
• Anomaly Detection in Emails using Machine Learning and Header Information [0.0]
  Anomalies in emails such as phishing and spam present major security risks. Previous studies on email anomaly detection relied on a single type of anomaly and the analysis of the email body and subject content. This study conducted feature extraction and selection on email header datasets and leveraged both multi and one-class anomaly detection approaches.
  arXiv  Detail & Related papers  (2022-03-19T23:31:23Z)
• Holmes: An Efficient and Lightweight Semantic Based Anomalous Email Detector [1.926698798754349]
  We present Holmes, an efficient and lightweight semantic based engine for anomalous email detection. Based on our observations, we claim that, in an enterprise environment, there is a stable relation between senders and receivers, but suspicious emails are commonly from unusual sources. We evaluate the performance of Holmes in a real-world enterprise environment, in which it sends and receives around 5,000 emails each day.
  arXiv  Detail & Related papers  (2021-04-16T11:42:10Z)
• Modeling Deep Learning Based Privacy Attacks on Physical Mail [89.3344470606211]
  Mail privacy protection aims to prevent unauthorized access to hidden content within an envelope. We show that with a well designed deep learning model, the hidden content may be largely recovered without opening the envelope.
  arXiv  Detail & Related papers  (2020-12-22T02:54:00Z)
• Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
  We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier. As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger. We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
  arXiv  Detail & Related papers  (2020-10-30T15:27:44Z)
• Robust and Verifiable Information Embedding Attacks to Deep Neural Networks via Error-Correcting Codes [81.85509264573948]
  In the era of deep learning, a user often leverages a third-party machine learning tool to train a deep neural network (DNN) classifier. In an information embedding attack, an attacker is the provider of a malicious third-party machine learning tool. In this work, we aim to design information embedding attacks that are verifiable and robust against popular post-processing methods.
  arXiv  Detail & Related papers  (2020-10-26T17:42:42Z)
• Phishing and Spear Phishing: examples in Cyber Espionage and techniques to protect against them [91.3755431537592]
  Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards. This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome.
  arXiv  Detail & Related papers  (2020-05-31T18:10:09Z)
• Learning with Weak Supervision for Email Intent Detection [56.71599262462638]
  We propose to leverage user actions as a source of weak supervision to detect intents in emails. We develop an end-to-end robust deep neural network model for email intent identification.
  arXiv  Detail & Related papers  (2020-05-26T23:41:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.