SpringerLink
Log in

Constructs of Deceit: Exploring Nuances in Modern Social Engineering Attacks

  • Conference paper
  • First Online:
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14828))

  • 10 Accesses

Abstract

Despite the increasing effort in the defense community to develop robust security solutions, social engineering attacks are getting more prevalent every year. Detecting fraudulent websites has been a concurrent task of both academia and industry in combating this type of attack. A common approach is to use supervised methods and labeled data to locate suspicious cases. In this paper, we evaluate a set of more common features related to the development and deployment aspects of websites that have been widely used in detecting scam and phishing websites over the years. As threat actors and the defense community are in a cat-and-mouse game, we aim to investigate whether such features are still prevalent or how to move forward in determining signs of malice when looking at the problem space at scale. Our study challenges the efficacy of deployment-based features, such as infrastructure providers or certificate issuers, in detecting fraudulent websites. Additionally, we perform an empirical analysis of the development aspects of websites that can be utilized in the detection pipeline.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://github.com/phishvsbenign/phishvsbenign.

References

  1. Business Insurance. Ransomware victims paid \$18 billion ransom in 2020 (2021). https://www.businessinsurance.com/article/20210429/STORY/912341506/Ransomware-victims-paid-$18-billion-ransom-in-2020

  2. PurpleSec Inc. 2021 Ransomware Statistics, Data, & Trends (2021). https://purplesec.us/resources/cyber-security-statistics/ransomware/

  3. Venkatesha, S., Reddy, K.R., Chandavarkar, B.R.: Social engineering attacks during the COVID-19 pandemic. SN Comput. Sci. 2(2), 1–9 (2021)

    Article  Google Scholar 

  4. Verizon Inc. Data Breach Investigation Report 2020 (2020). https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf

  5. Security Magazine Inc. Microsoft warns of Russian Nobelium phishing campaign (2020). securitymagazine.com/articles/95328-microsoft-warns-of-russian-nobelium-phishing-campaign

  6. Stringhini, G., Thonnard, O.: That ain’t you: blocking spearphishing through behavioral modelling. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 78–97. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20550-2_5

    Chapter  Google Scholar 

  7. Bhardwaj, T., Sharma, T.K., Pandit, M.R.: Social engineering prevention by detecting malicious URLs using artificial bee colony algorithm. In: Pant, M., Deep, K., Nagar, A., Bansal, J.C. (eds.) Proceedings of the Third International Conference on Soft Computing for Problem Solving. AISC, vol. 258, pp. 355–363. Springer, New Delhi (2014). https://doi.org/10.1007/978-81-322-1771-8_31

    Chapter  Google Scholar 

  8. Neupane, A., Saxena, N., Kuruvilla, K., Georgescu, M., Kana, R.K.: Neural signatures of user-centered security: an fMRI study of phishing, and malware warnings. In: NDSS (2014)

    Google Scholar 

  9. Abeywardana, K.Y., Pfluegel, E., Tunnicliffe, M.J.: A layered defense mechanism for a social engineering aware perimeter. In: 2016 SAI Computing Conference (SAI), pp. 1054–1062. IEEE (2016)

    Google Scholar 

  10. Wen, Z.A., Lin, Z., Chen, R., Andersen, E.: What. Hack: engaging anti-phishing training through a role-playing phishing simulation game. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pp. 1–12 (2019)

    Google Scholar 

  11. Let’s Encrypt. Let’s Encrypt Certificate Provider (2024). https://letsencrypt.org/

  12. Pan, Y., Ding, X.: Anomaly based web phishing page detection. In: 2006 22nd Annual Computer Security Applications Conference (ACSAC 2006), pp. 381–392 (2006)

    Google Scholar 

  13. Rosiello, A.P.E., Kirda, E., Kruegel, C., Ferrandi, F.: A layout-similarity-based approach for detecting phishing pages. In: 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007, pp. 454–463 (2007)

    Google Scholar 

  14. Whittaker, C., Ryner, B., Nazif, M.: Large-scale automatic classification of phishing pages. In: NDSS 2010 (2010)

    Google Scholar 

  15. **ang, G., Hong, J., Rose, C.P., Cranor, L.: Cantina+: a feature-rich machine learning framework for detecting phishing web sites. ACM Trans. Inf. Syst. Secur. 14(2) (2011)

    Google Scholar 

  16. Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: Exposure: finding malicious domains using passive DNS analysis. In: NDSS, pp. 1–17 (2011)

    Google Scholar 

  17. Mao, J., Li, P., Li, K., Wei, T., Liang, Z.: BaitAlarm: detecting phishing sites using similarity in fundamental visual features. In: 2013 5th International Conference on Intelligent Networking and Collaborative Systems, pp. 790–795 (2013)

    Google Scholar 

  18. Dong, Z., Kapadia, A., Blythe, J., Camp, L.J.: Beyond the lock icon: real-time detection of phishing websites using public key certificates. In: 2015 APWG Symposium on Electronic Crime Research (eCrime), pp. 1–12 (2015)

    Google Scholar 

  19. Ardi, C., Heidemann, J.: AuntieTuna: personalized content-based phishing detection. In: NDSS Usable Security Workshop (USEC) (2016)

    Google Scholar 

  20. Corona, I., et al.: DeltaPhish: detecting phishing webpages in compromised websites. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10492, pp. 370–388. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66402-6_22

    Chapter  Google Scholar 

  21. Rao, R.S., Pais, A.R.: Detecting phishing websites using automation of human behavior. In: Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security, CPSS 2017, pp. 33–42. Association for Computing Machinery, New York (2017)

    Google Scholar 

  22. Niakanlahiji, A., Chu, B.-T., Al-Shaer, E.: PhishMon: a machine learning framework for detecting phishing webpages. In: 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 220–225 (2018)

    Google Scholar 

  23. Torroledo, I., Camacho, L.D., Bahnsen, A.C.: Hunting malicious TLS certificates with deep neural networks. In: Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security, AISec 2018, pp. 64–73. Association for Computing Machinery, New York (2018)

    Google Scholar 

  24. Kharraz, A., Robertson, W., Kirda, E.: SurveyLance: automatically detecting online survey scams. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 70–86. IEEE (2018)

    Google Scholar 

  25. Mao, J., et al.: Phishing page detection via learning classifiers from page layout feature. EURASIP J. Wirel. Commun. Netw. 1, 2019 (2019)

    Google Scholar 

  26. Sánchez-Paniagua, M., Fidalgo, E., Alegre, E., Alaiz-Rodríguez, R.: Phishing websites detection using a novel multipurpose dataset and web technologies features. Expert Syst. Appl. 207, 118010 (2022)

    Article  Google Scholar 

  27. Bitaab, M., et al.: Beyond phish: toward detecting fraudulent e-commerce websites at scale. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 2566–2583 (2023)

    Google Scholar 

  28. Zhang, Y., Fu, X., Yang, R., Li, Y.: DRSDetector: detecting gambling websites by multi-level feature fusion. In: 2023 IEEE Symposium on Computers and Communications (ISCC), pp. 1441–1447 (2023)

    Google Scholar 

  29. Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the gordian knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3–24. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20550-2_1

    Chapter  Google Scholar 

  30. Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium (2016)

    Google Scholar 

  31. Miramirkhani, N., Starov, O., Nikiforakis, N.: Dial one for scam: analyzing and detecting technical support scams. In: 22nd Annual Network and Distributed System Security Symposium (NDSS 2016). NDSS (2016)

    Google Scholar 

  32. Ousat, B., Tofighi, M.A., Kharraz, A.: An end-to-end analysis of COVID-themed scams in the wild. In: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2023, pp. 509–523. Association for Computing Machinery, New York (2023)

    Google Scholar 

  33. Google. Chrome UX Report (2023). https://developer.chrome.com/docs/crux/

  34. Durumeric, Z.: Cached chrome top million websites (2023). https://github.com/zakird/crux-top-lists

  35. Google. Chrome Devtools Protocol (2024). https://chromedevtools.github.io/devtools-protocol/

  36. Google. Chrome’s Lighthouse (2024). https://developer.chrome.com/docs/-lighthouse/overview/

  37. Wappalyzer. Technology Profiler (2024). https://www.wappalyzer.com/

  38. Drury, V., Meyer, U.: Certified phishing: taking a look at public key certificates of phishing websites. In: Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019), Santa Clara, CA, pp. 211–223. USENIX Association (2019)

    Google Scholar 

  39. Aas, J., et al.: Let’s encrypt: an automated certificate authority to encrypt the entire web. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, pp. 2473–2487. Association for Computing Machinery, New York (2019)

    Google Scholar 

  40. Drichel, A., Drury, V., von Brandt, J., Meyer, U.: Finding phish in a haystack: A pipeline for phishing classification on certificate transparency logs. In: Proceedings of the 16th International Conference on Availability, Reliability and Security, ARES 2021. Association for Computing Machinery, New York (2021)

    Google Scholar 

  41. Edward. Dom visualizer (2024). https://0xedward.github.io/dom-visualizer/

  42. Mirzaei, O., Vasilenko, R., Kirda, E., Lu, L., Kharraz, A.: SCRUTINIZER: detecting code reuse in malware via decompilation and machine learning. In: Bilge, L., Cavallaro, L., Pellegrino, G., Neves, N. (eds.) DIMVA 2021. LNCS, vol. 12756, pp. 130–150. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-80825-9_7

    Chapter  Google Scholar 

Download references

Acknowledgments

We would like to thank the anonymous reviewers for their thoughtful feedback. This project was supported by Microsoft AI Security and CITES/IUCRC Grant No. 2113880. Opinions, findings, conclusions, or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of Microsoft Incorporation or NSF.

Author information

Authors and Affiliations

  1. Florida International University, Miami, USA

    Mohammad Ali Tofighi, Behzad Ousat, Javad Zandi, Esteban Schafir & Amin Kharraz

Authors
  1. Mohammad Ali Tofighi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Behzad Ousat
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Javad Zandi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Esteban Schafir
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Amin Kharraz
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Behzad Ousat .

Editor information

Editors and Affiliations

  1. AWS, San Diego, CA, USA

    Federico Maggi

  2. Boston University, Boston, MA, USA

    Manuel Egele

  3. EPFL, Lausanne, Switzerland

    Mathias Payer

  4. Politecnico di Milano, Milan, Italy

    Michele Carminati

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tofighi, M.A., Ousat, B., Zandi, J., Schafir, E., Kharraz, A. (2024). Constructs of Deceit: Exploring Nuances in Modern Social Engineering Attacks. In: Maggi, F., Egele, M., Payer, M., Carminati, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2024. Lecture Notes in Computer Science, vol 14828. Springer, Cham. https://doi.org/10.1007/978-3-031-64171-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-64171-8_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-64170-1

  • Online ISBN: 978-3-031-64171-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation