Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:


More Internet users may be taking phishing bait than thought

A higher-than-expected percentage of Internet users are likely to fall victim to scam artists masquerading as trusted service providers, report researchers at the Indiana University School of Informatics.

"Designing Ethical Phishing Experiments: A study of (ROT13) rOnl query features," published online, simulated phishing tactics used to elicit online information from eBay customers. The online auction giant was selected because of its popularity among millions of users-and because it is one of the most popular targets of phishing scams.

The study, one of the first of its kind, reveals that phishers may be netting responses from as much as 14 percent of the targeted populations per attack, as opposed to 3 percent per year.

Phishers send e-mail to Internet users, spoofing legitimate and well-known enterprises such as eBay, financial institutions and even government agencies in an attempt to dupe people into surrendering private information. Users are asked to click on a link where they are taken to a site appearing to be legitimate. Once there, they are asked to correct or update personal information such as bank, credit card and Social Security accounts numbers.

Surveys by the Gartner Group report that about 3 percent of adult Americans are successfully targeted by phishing attacks each year, an amount that might be conservative given that many are reluctant to report they have been victimized, or may even be unaware of it. Other surveys may result in overestimates of the risks because of misunderstanding of what constitutes identity theft.

In contrast, experiments such as the one conducted by IU researchers Markus Jakobsson and Jacob Ratkiewicz have the advantage of reporting actual numbers.

"Our goal was to determine the success rates of different types of phishing attacks, not only the types used today, but those that don't yet occur in the wild, too," said Jakobsson, associate professor of Informatics. Jakobsson also is an associate director of the IU Center for Applied Cybersecurity Research, which studies and develops countermeasures to Internet fraud.

Ratkiewicz and Jakobsson devised simulated attacks where users received an e-mail appearing to be legitimate and providing a link to eBay. If recipients clicked on the link they were in fact sent to the eBay site, but the researchers received a message letting them know the recipient had logged in. The researchers specifically designed the study so that all they received was notification that a login occurred, not the login information (such as the recipient's eBay password) itself-unlike a real phishing attack, which is designed to harvest passwords and other personal information.

The study was approved in advance by the IU Bloomington Human Subjects Committee, which is responsible for reviewing and approving research activities involving human subjects and data collection. The experiment was unusual in that it did not involve debriefing of subjects, given that this step was judged to be the one and only aspect of the experiment that could potentially pose harm to subjects, who might be embarrassed over having been phished or wrongly conclude that sensitive information had been harvested by the researchers.

"We wanted to proceed ethically and yet obtain accurate results," said Ratkiewicz, a computer science doctoral student.

One experiment they devised was to launch a "spear phishing" attack in which a phisher sends a personalized message to a user who might actually welcome or expect the message. In this approach, the phisher gleans personal information readily available over the Internet and incorporates it in the attack, potentially making the attack more believable.

The researchers used three types of approach statements: "Hi can you ship packages with insurance for an extra fee? Thanks" … "HI CAN YOU DO OVERNIGHT SHIPPING? THANKS!" … and "Hi, how soon after payment do you ship? Thanks!" In a large portion of the messages, the user's eBay username was included in the message to make it appear more similar to those eBay itself would send.

"We think spear phishing attacks will become more prevalent as phishers are more able to harvest publicly available information to personalize each attack," Ratkiewicz said. "And there's good reason to believe that this kind of attack will be more dangerous than what we're seeing today."

Joe Stuteville | EurekAlert!
Further information:

More articles from Information Technology:

nachricht Green Light for Galaxy Europe
15.03.2018 | Albert-Ludwigs-Universität Freiburg im Breisgau

nachricht Tokyo Tech's six-legged robots get closer to nature
12.03.2018 | Tokyo Institute of Technology

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Locomotion control with photopigments

Researchers from Göttingen University discover additional function of opsins

Animal photoreceptors capture light with photopigments. Researchers from the University of Göttingen have now discovered that these photopigments fulfill an...

Im Focus: Surveying the Arctic: Tracking down carbon particles

Researchers embark on aerial campaign over Northeast Greenland

On 15 March, the AWI research aeroplane Polar 5 will depart for Greenland. Concentrating on the furthest northeast region of the island, an international team...

Im Focus: Unique Insights into the Antarctic Ice Shelf System

Data collected on ocean-ice interactions in the little-researched regions of the far south

The world’s second-largest ice shelf was the destination for a Polarstern expedition that ended in Punta Arenas, Chile on 14th March 2018. Oceanographers from...

Im Focus: ILA 2018: Laser alternative to hexavalent chromium coating

At the 2018 ILA Berlin Air Show from April 25–29, the Fraunhofer Institute for Laser Technology ILT is showcasing extreme high-speed Laser Material Deposition (EHLA): A video documents how for metal components that are highly loaded, EHLA has already proved itself as an alternative to hard chrome plating, which is now allowed only under special conditions.

When the EU restricted the use of hexavalent chromium compounds to special applications requiring authorization, the move prompted a rethink in the surface...

Im Focus: Radar for navigation support from autonomous flying drones

At the ILA Berlin, hall 4, booth 202, Fraunhofer FHR will present two radar sensors for navigation support of drones. The sensors are valuable components in the implementation of autonomous flying drones: they function as obstacle detectors to prevent collisions. Radar sensors also operate reliably in restricted visibility, e.g. in foggy or dusty conditions. Due to their ability to measure distances with high precision, the radar sensors can also be used as altimeters when other sources of information such as barometers or GPS are not available or cannot operate optimally.

Drones play an increasingly important role in the area of logistics and services. Well-known logistic companies place great hope in these compact, aerial...

All Focus news of the innovation-report >>>



Industry & Economy
Event News

Ultrafast Wireless and Chip Design at the DATE Conference in Dresden

16.03.2018 | Event News

International Tinnitus Conference of the Tinnitus Research Initiative in Regensburg

13.03.2018 | Event News

International Virtual Reality Conference “IEEE VR 2018” comes to Reutlingen, Germany

08.03.2018 | Event News

Latest News

Wandering greenhouse gas

16.03.2018 | Earth Sciences

'Frequency combs' ID chemicals within the mid-infrared spectral region

16.03.2018 | Physics and Astronomy

Biologists unravel another mystery of what makes DNA go 'loopy'

16.03.2018 | Life Sciences

Science & Research
Overview of more VideoLinks >>>