CyLab Usable Privacy and Security Laboratory
http://cups.cs.cmu.edu
Statistical Analysis of Phished eMail Users, Intercepted by the APWG/CMU Phishing Education Landing Page
Jason Hong, PhD
Carnegie Mellon University
Wombat Security Technologies
May 2010
User Education is Challenging
• Users are not motivated to learn about security
• Security is a secondary task
• Difficult to teach people to make right online trust decision without increasing false positives
“User education is a complete waste of time. It is about as much use as nailing jelly to a wall…. They are not interested…they just want to do their job.”
Martin Overton, IBM security specialist
http://news.cnet.com/21007350_361252132.html
But Actually, Users Are Trainable
• Our research demonstrates that users can learn techniques to protect themselves from phishing… if you can get them to pay attention to training
P. Kumaraguru, S. Sheng, A. Acquisti, L. Cranor, and J. Hong. Teaching Johnny Not to Fall for Phish. CyLab Technical Report CMUCyLab07003, 2007.
How Do We Get People Trained?
• Solution
  – Find “teachable moments”: PhishGuru
  – Make training fun: AntiPhishing Phil, AntiPhishing Phyllis
  – Use learning science principles
PhishGuru Embedded Training
• Send emails that look like a phishing attack
• If recipient falls for it, show intervention that teaches what cues to look for in succinct and engaging format
• Multiple user studies have demonstrated that this is effective
• Delivering same training via direct email is not effective!
Subject: Revision to Your Amazon.com Information
Please login and enter your information
APWG Landing Page
• Taking the “teachable moment” concept one step further
• Provide education (instead of 404) when users click on real phishing links and arrive at real phishing sites that have been taken down
P. Kumaraguru, L. Cranor, and L. Mather. AntiPhishing Landing Page: Turning a 404 into a Teachable Moment for End Users. CEAS 2009.
http://www.ceas.cc/papers2009/ceas2009paper37.pdf
http://education.apwg.org/
How the Landing Page Works
• Brand owner or phish site takedown provider identifies phish site
• ISP or registrar is asked to redirect disabled phish site to APWG redirect page
• Consumer receives phishing email and clicks
• Consumer is shown APWG education message instead of 404 page
  – Page available in many languages
  – Automatic redirect to appropriate language based on browser language code to happen soon
APWG Landing Page
Landing Page Data Collection
• APWG server logs all requests to landing page
  – Time stamp
  – IP address (to determine country)
  – Language (will redirect to page in user’s language)
• We’ve asked sites to embed info in redirect URL to track how people end up on landing page
  – Original URL taken down
  – Brand code (optional)
• CMU CUPS Lab and Wombat Security Technologies have been analyzing the data
Lots of noisy data!
• 20 months of data (Sept 2008-April 2010)
• 840K hits on 15,000 unique redirected URLs
• But this data contains lots of noise
  – Brand monitors checking up on sites to make sure they stay down
  – Random web crawlers
  – People testing landing page
  – Incorrectly redirected sites
• We used heuristics to filter out most of the noise
Filtering Out the Noise
• We filtered the data set by removing:
  – Hits that don’t identify the original phishing site (brand)
  – Hits that seem to be for testing only
    • URLs appearing only once
    • IPs that hit multiple URLs per day
    • IPs that hit same URL for more than a month
  – Hits from bots (e.g., specific IPs, 'bot', 'plurk', etc.)
  – Hits from wonderdogsoftware (server misconfiguration that linked to homepage)
• Filtering not perfect
  – Some noise remains
  – Improperly redirected sites don’t get counted
Filtered Data
• 201,084 hits
  – estimate of actual would-be phishing victims visiting landing page over 20 month period
• 1285 unique URLs redirected
  – Note that this is URLs, not domains
• Number of hits per URL varies a lot
  – URL with most hits after filtering had 17,911 hits
  – Monthly mean hits per URL typically 100-300
  – Monthly median hits per URL 2-7
Analysis of Time
• Monitoring time period of each observed URL may give us insights into length of phishing campaigns
• Time observed for each URL is number of days between first observation and last observation
• Limitations
  – Our first observation is time when site was redirected; we don’t know how long it was live before being redirected
  – Some URLs are observed across month boundaries
  – Once browsers start blocking URL we may not have hits
  – Some redirects are removed after a period of time
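The noise filters from "Filtering Out the Noise" and the per-URL observation window from "Analysis of Time", as an added Python example; it is not the authors' code. The record layout (timestamp, IP, user agent, original URL), the sample rows, the 30-day reading of "more than a month", dropping only the same-day hits of an IP that hit several URLs, and evaluating every rule on the raw data set are assumptions; the wonderdogsoftware rule is not modeled.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, median

BOT_MARKERS = ("bot", "plurk")   # substrings named on the slide, matched on user agent (assumption)
BLOCKED_IPS = {"203.0.113.99"}   # stand-in for the slide's "specific IPs" (constructed)
MAX_SAME_URL_DAYS = 30           # assumed reading of "more than a month"

URL_A = "http://phish-a.example/login"    # constructed sample URLs
URL_B = "http://phish-b.example/verify"
URL_C = "http://phish-c.example/once"
UA = "Mozilla/5.0"

# Constructed sample hits: (timestamp, ip, user_agent, original_url)
SAMPLE_ROWS = [
    ("2010-04-01T09:00", "198.51.100.10", UA, URL_A),
    ("2010-04-02T10:00", "198.51.100.11", UA, URL_A),
    ("2010-04-05T08:30", "198.51.100.12", UA, URL_A),
    ("2010-04-03T12:00", "198.51.100.20", "ExampleBot/1.0", URL_A),  # crawler
    ("2010-04-03T12:05", "198.51.100.21", UA, ""),                   # no original URL
    ("2010-04-04T07:00", "198.51.100.22", UA, URL_C),                # URL seen once
    ("2010-04-06T11:00", "198.51.100.30", UA, URL_A),                # tester: two URLs,
    ("2010-04-06T11:01", "198.51.100.30", UA, URL_B),                # same day
    ("2010-03-01T09:00", "198.51.100.40", UA, URL_B),                # monitor: same URL
    ("2010-04-10T09:00", "198.51.100.40", UA, URL_B),                # 40 days apart
    ("2010-04-07T15:00", "198.51.100.13", UA, URL_B),
    ("2010-04-09T16:00", "198.51.100.14", UA, URL_B),
]


def parse_hits(rows):
    """Turn (iso_timestamp, ip, user_agent, original_url) tuples into dicts."""
    return [{"ts": datetime.fromisoformat(ts), "ip": ip, "ua": ua, "url": url}
            for ts, ip, ua, url in rows]


def noise_reasons(hits):
    """Return {hit index: reason} for each hit a heuristic flags (computed on raw data)."""
    per_url = defaultdict(int)       # url -> number of hits
    per_ip_day = defaultdict(set)    # (ip, date) -> distinct URLs hit that day
    per_ip_url = defaultdict(list)   # (ip, url) -> dates seen
    for h in hits:
        if h["url"]:
            day = h["ts"].date()
            per_url[h["url"]] += 1
            per_ip_day[(h["ip"], day)].add(h["url"])
            per_ip_url[(h["ip"], h["url"])].append(day)

    reasons = {}
    for i, h in enumerate(hits):
        ua = h["ua"].lower()
        if not h["url"]:
            reasons[i] = "no original URL"
        elif h["ip"] in BLOCKED_IPS or any(m in ua for m in BOT_MARKERS):
            reasons[i] = "bot"
        elif per_url[h["url"]] == 1:
            reasons[i] = "URL seen once"
        elif len(per_ip_day[(h["ip"], h["ts"].date())]) > 1:
            reasons[i] = "IP hit multiple URLs in a day"
        else:
            days = per_ip_url[(h["ip"], h["url"])]
            if (max(days) - min(days)).days > MAX_SAME_URL_DAYS:
                reasons[i] = "IP hit same URL for over a month"
    return reasons


def filter_hits(hits):
    """Drop every hit that any heuristic flagged."""
    flagged = noise_reasons(hits)
    return [h for i, h in enumerate(hits) if i not in flagged]


def url_stats(hits):
    """Per-URL hit count and days between first and last observation."""
    by_url = defaultdict(list)
    for h in hits:
        by_url[h["url"]].append(h["ts"].date())
    return {url: {"hits": len(d), "days_observed": (max(d) - min(d)).days}
            for url, d in by_url.items()}


def hits_per_url_summary(stats):
    """Mean and median hits per URL, the two figures reported for the filtered data."""
    counts = [s["hits"] for s in stats.values()]
    return {"mean": mean(counts), "median": median(counts)}


if __name__ == "__main__":
    raw = parse_hits(SAMPLE_ROWS)
    for idx, why in sorted(noise_reasons(raw).items()):
        print(f"dropped hit {idx}: {why}")
    stats = url_stats(filter_hits(raw))
    print(stats)
    print(hits_per_url_summary(stats))
```

Because `days_observed` starts at the first logged hit, it inherits the limitation listed above: time the site was live before the redirect is not visible in these logs.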
April 2010
Top 20 countries hit landing page
• United States 11,159
• Canada 3,819
• United Kingdom 1,790
• Netherlands 725
• Germany 650
• Spain 600
• France 470
• Japan 452
• Australia 449
• India 417
• Singapore 292
• Mexico 238
• Egypt 212
• NA 184
• Russian Federation 184
• Austria 174
• Sweden 145
• China 137
• Brazil 126
• Norway 101
Analysis of Brands
• 7 brands have requested brand codes
• Only 2 have shown up in logs
• April 2010 brand data
  – Brand 1
    • Total Hits: 2715
    • Total unique URLs: 52
  – Brand 2
    • Total Hits: 370
    • Total unique URLs: 3
• We supplied each brand with a report showing list of their URLs and number of hits for each
Ongoing Work
• Will soon be posting monthly reports at http://education.apwg.org/
• Redirecting landing page automatically to show correct language (soon)
• Encouraging more brands to redirect to landing page
  – If you sign up for a brand code we can provide you with monthly brand reports
  – laura.mather@antiphishing.org
• Continuing to automate log processing, report generation, report distribution
For more information
• Learn how to participate in the initiative: http://education.apwg.org/
• View the landing page: http://education.apwg.org/r/en/
http://wombatsecurity.com
Other countries that sometimes make top 20
• Italy
• Romania
• Czech Republic
• Finland
• Ireland
• India
• EU
• Turkey
• Belgium
• Switzerland
• Colombia
• Israel
• Morocco
• Saudi Arabia
• Argentina
• Indonesia
• Thailand
• Tunisia
• Poland
• Greece
• Korea
• Chile
• Pakistan
