Abstract
Despite the increasing effort in the defense community to develop robust security solutions, social engineering attacks are getting more prevalent every year. Detecting fraudulent websites has been a concurrent task of both academia and industry in combating this type of attack. A common approach is to use supervised methods and labeled data to locate suspicious cases. In this paper, we evaluate a set of more common features related to the development and deployment aspects of websites that have been widely used in detecting scam and phishing websites over the years. As threat actors and the defense community are in a cat-and-mouse game, we aim to investigate whether such features are still prevalent or how to move forward in determining signs of malice when looking at the problem space at scale. Our study challenges the efficacy of deployment-based features, such as infrastructure providers or certificate issuers, in detecting fraudulent websites. Additionally, we perform an empirical analysis of the development aspects of websites that can be utilized in the detection pipeline.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Business Insurance. Ransomware victims paid \$18 billion ransom in 2020 (2021). https://www.businessinsurance.com/article/20210429/STORY/912341506/Ransomware-victims-paid-$18-billion-ransom-in-2020
PurpleSec Inc. 2021 Ransomware Statistics, Data, & Trends (2021). https://purplesec.us/resources/cyber-security-statistics/ransomware/
Venkatesha, S., Reddy, K.R., Chandavarkar, B.R.: Social engineering attacks during the COVID-19 pandemic. SN Comput. Sci. 2(2), 1–9 (2021)
Verizon Inc. Data Breach Investigation Report 2020 (2020). https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf
Security Magazine Inc. Microsoft warns of Russian Nobelium phishing campaign (2020). securitymagazine.com/articles/95328-microsoft-warns-of-russian-nobelium-phishing-campaign
Stringhini, G., Thonnard, O.: That ain’t you: blocking spearphishing through behavioral modelling. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 78–97. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20550-2_5
Bhardwaj, T., Sharma, T.K., Pandit, M.R.: Social engineering prevention by detecting malicious URLs using artificial bee colony algorithm. In: Pant, M., Deep, K., Nagar, A., Bansal, J.C. (eds.) Proceedings of the Third International Conference on Soft Computing for Problem Solving. AISC, vol. 258, pp. 355–363. Springer, New Delhi (2014). https://doi.org/10.1007/978-81-322-1771-8_31
Neupane, A., Saxena, N., Kuruvilla, K., Georgescu, M., Kana, R.K.: Neural signatures of user-centered security: an fMRI study of phishing, and malware warnings. In: NDSS (2014)
Abeywardana, K.Y., Pfluegel, E., Tunnicliffe, M.J.: A layered defense mechanism for a social engineering aware perimeter. In: 2016 SAI Computing Conference (SAI), pp. 1054–1062. IEEE (2016)
Wen, Z.A., Lin, Z., Chen, R., Andersen, E.: What. Hack: engaging anti-phishing training through a role-playing phishing simulation game. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pp. 1–12 (2019)
Let’s Encrypt. Let’s Encrypt Certificate Provider (2024). https://letsencrypt.org/
Pan, Y., Ding, X.: Anomaly based web phishing page detection. In: 2006 22nd Annual Computer Security Applications Conference (ACSAC 2006), pp. 381–392 (2006)
Rosiello, A.P.E., Kirda, E., Kruegel, C., Ferrandi, F.: A layout-similarity-based approach for detecting phishing pages. In: 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007, pp. 454–463 (2007)
Whittaker, C., Ryner, B., Nazif, M.: Large-scale automatic classification of phishing pages. In: NDSS 2010 (2010)
**ang, G., Hong, J., Rose, C.P., Cranor, L.: Cantina+: a feature-rich machine learning framework for detecting phishing web sites. ACM Trans. Inf. Syst. Secur. 14(2) (2011)
Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: Exposure: finding malicious domains using passive DNS analysis. In: NDSS, pp. 1–17 (2011)
Mao, J., Li, P., Li, K., Wei, T., Liang, Z.: BaitAlarm: detecting phishing sites using similarity in fundamental visual features. In: 2013 5th International Conference on Intelligent Networking and Collaborative Systems, pp. 790–795 (2013)
Dong, Z., Kapadia, A., Blythe, J., Camp, L.J.: Beyond the lock icon: real-time detection of phishing websites using public key certificates. In: 2015 APWG Symposium on Electronic Crime Research (eCrime), pp. 1–12 (2015)
Ardi, C., Heidemann, J.: AuntieTuna: personalized content-based phishing detection. In: NDSS Usable Security Workshop (USEC) (2016)
Corona, I., et al.: DeltaPhish: detecting phishing webpages in compromised websites. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10492, pp. 370–388. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66402-6_22
Rao, R.S., Pais, A.R.: Detecting phishing websites using automation of human behavior. In: Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security, CPSS 2017, pp. 33–42. Association for Computing Machinery, New York (2017)
Niakanlahiji, A., Chu, B.-T., Al-Shaer, E.: PhishMon: a machine learning framework for detecting phishing webpages. In: 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 220–225 (2018)
Torroledo, I., Camacho, L.D., Bahnsen, A.C.: Hunting malicious TLS certificates with deep neural networks. In: Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security, AISec 2018, pp. 64–73. Association for Computing Machinery, New York (2018)
Kharraz, A., Robertson, W., Kirda, E.: SurveyLance: automatically detecting online survey scams. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 70–86. IEEE (2018)
Mao, J., et al.: Phishing page detection via learning classifiers from page layout feature. EURASIP J. Wirel. Commun. Netw. 1, 2019 (2019)
Sánchez-Paniagua, M., Fidalgo, E., Alegre, E., Alaiz-Rodríguez, R.: Phishing websites detection using a novel multipurpose dataset and web technologies features. Expert Syst. Appl. 207, 118010 (2022)
Bitaab, M., et al.: Beyond phish: toward detecting fraudulent e-commerce websites at scale. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 2566–2583 (2023)
Zhang, Y., Fu, X., Yang, R., Li, Y.: DRSDetector: detecting gambling websites by multi-level feature fusion. In: 2023 IEEE Symposium on Computers and Communications (ISCC), pp. 1441–1447 (2023)
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the gordian knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3–24. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20550-2_1
Kharraz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: 25th USENIX Security Symposium (2016)
Miramirkhani, N., Starov, O., Nikiforakis, N.: Dial one for scam: analyzing and detecting technical support scams. In: 22nd Annual Network and Distributed System Security Symposium (NDSS 2016). NDSS (2016)
Ousat, B., Tofighi, M.A., Kharraz, A.: An end-to-end analysis of COVID-themed scams in the wild. In: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2023, pp. 509–523. Association for Computing Machinery, New York (2023)
Google. Chrome UX Report (2023). https://developer.chrome.com/docs/crux/
Durumeric, Z.: Cached chrome top million websites (2023). https://github.com/zakird/crux-top-lists
Google. Chrome Devtools Protocol (2024). https://chromedevtools.github.io/devtools-protocol/
Google. Chrome’s Lighthouse (2024). https://developer.chrome.com/docs/-lighthouse/overview/
Wappalyzer. Technology Profiler (2024). https://www.wappalyzer.com/
Drury, V., Meyer, U.: Certified phishing: taking a look at public key certificates of phishing websites. In: Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019), Santa Clara, CA, pp. 211–223. USENIX Association (2019)
Aas, J., et al.: Let’s encrypt: an automated certificate authority to encrypt the entire web. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, pp. 2473–2487. Association for Computing Machinery, New York (2019)
Drichel, A., Drury, V., von Brandt, J., Meyer, U.: Finding phish in a haystack: A pipeline for phishing classification on certificate transparency logs. In: Proceedings of the 16th International Conference on Availability, Reliability and Security, ARES 2021. Association for Computing Machinery, New York (2021)
Edward. Dom visualizer (2024). https://0xedward.github.io/dom-visualizer/
Mirzaei, O., Vasilenko, R., Kirda, E., Lu, L., Kharraz, A.: SCRUTINIZER: detecting code reuse in malware via decompilation and machine learning. In: Bilge, L., Cavallaro, L., Pellegrino, G., Neves, N. (eds.) DIMVA 2021. LNCS, vol. 12756, pp. 130–150. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-80825-9_7
Acknowledgments
We would like to thank the anonymous reviewers for their thoughtful feedback. This project was supported by Microsoft AI Security and CITES/IUCRC Grant No. 2113880. Opinions, findings, conclusions, or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of Microsoft Incorporation or NSF.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tofighi, M.A., Ousat, B., Zandi, J., Schafir, E., Kharraz, A. (2024). Constructs of Deceit: Exploring Nuances in Modern Social Engineering Attacks. In: Maggi, F., Egele, M., Payer, M., Carminati, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2024. Lecture Notes in Computer Science, vol 14828. Springer, Cham. https://doi.org/10.1007/978-3-031-64171-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-64171-8_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-64170-1
Online ISBN: 978-3-031-64171-8
eBook Packages: Computer ScienceComputer Science (R0)