This document summarizes a student project analyzing phishing attacks on the Facebook social media platform. The study involved:
1) Creating a fake Facebook login page to simulate a phishing scam and collect data on users who entered their credentials.
2) Approximately 1 in 3 Facebook users fell for the simulated scam, indicating users of social media are more vulnerable to phishing.
3) Tests showed Facebook does not effectively deal with phishing attacks. Additional authentication for accessing accounts from new devices was proposed to help address this issue.
Phishing detection in ims using domain ontology and cba an innovative rule ...ijistjournal
User ignorance towards the use of communication services like Instant Messengers, emails, websites, social networks etc. is becoming the biggest advantage for phishers. It is required to create technical awareness in users by educating them to create a phishing detection application which would generate phishing alerts for the user so that phishing messages are not ignored. The lack of basic security features to detect and prevent phishing has had a profound effect on the IM clients, as they lose their faith in e-banking and e-commerce transactions, which will have a disastrous impact on the corporate and banking sectors and businesses which rely heavily on the internet.Very little research contributions were available in for phishing detection in Instant messengers. A context
based, dynamic and intelligent phishing detection
methodology in IMs is proposed, to analyze and detect phishing in Instant Messages with relevance to domain ontology (OBIE) and utilizes the Classification based on Association (CBA) for generating phishing rules and alerting the victims. A PDS Monitoring system algorithm is used to identify the phishing activity during exchange of messages in IMs, with high ratio of precision and recall. The results have shown improvement by the increased percentage of precision and recall when compared to the existing methods.
Social Engineering CSO Survival Guide, designing leading edge 21st Century Business Models go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering Solutions.
Targeted social engineering attacks in the form of spear phishing emails, are often the main gimmick used by attackers to infiltrate organizational networks and implant state- of-the-art Advanced Persistent Threats (APTs). Spear phishing is a complex targeted attack in which, an attacker harvests information about the victim prior to the attack. This infor- mation is then used to create sophisticated, genuine-looking attack vectors, drawing the victim to compromise confidential information. What makes spear phishing different, and more powerful than normal phishing, is this contextual information about the victim. Online social media services can be one such source for gathering vital information about an individual. In this paper, we characterize and examine a true positive dataset of spear phishing, spam, and normal phishing emails from Symantec’s enterprise email scanning service. We then present a model to detect spear phishing emails sent to employees of 14 international organizations, by using social features extracted from LinkedIn. Our dataset consists of 4,742 targeted attack emails sent to 2,434 victims, and 9,353 non targeted attack emails sent to 5,912 non victims; and publicly available information from their LinkedIn profiles. We applied various machine learning algorithms to this labeled data, and achieved an overall maximum accuracy of 97.76% in identifying spear phishing emails. We used a combination of social features from LinkedIn profiles, and stylometric features extracted from email subjects, bodies, and attachments. However, we achieved a slightly better accuracy of 98.28% without the social features. Our analysis revealed that social features extracted from LinkedIn do not help in identifying spear phishing emails. To the best of our knowledge, this is one of the first attempts to make use of a combination of stylometric features extracted from emails, and social features extracted from an online social network to detect targeted spear phishing emails.
Phishing detection in ims using domain ontology and cba an innovative rule ...ijistjournal
User ignorance towards the use of communication services like Instant Messengers, emails, websites, social networks etc. is becoming the biggest advantage for phishers. It is required to create technical awareness in users by educating them to create a phishing detection application which would generate phishing alerts for the user so that phishing messages are not ignored. The lack of basic security features to detect and prevent phishing has had a profound effect on the IM clients, as they lose their faith in e-banking and e-commerce transactions, which will have a disastrous impact on the corporate and banking sectors and businesses which rely heavily on the internet.Very little research contributions were available in for phishing detection in Instant messengers. A context
based, dynamic and intelligent phishing detection
methodology in IMs is proposed, to analyze and detect phishing in Instant Messages with relevance to domain ontology (OBIE) and utilizes the Classification based on Association (CBA) for generating phishing rules and alerting the victims. A PDS Monitoring system algorithm is used to identify the phishing activity during exchange of messages in IMs, with high ratio of precision and recall. The results have shown improvement by the increased percentage of precision and recall when compared to the existing methods.
Social Engineering CSO Survival Guide, designing leading edge 21st Century Business Models go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering Solutions.
Targeted social engineering attacks in the form of spear phishing emails, are often the main gimmick used by attackers to infiltrate organizational networks and implant state- of-the-art Advanced Persistent Threats (APTs). Spear phishing is a complex targeted attack in which, an attacker harvests information about the victim prior to the attack. This infor- mation is then used to create sophisticated, genuine-looking attack vectors, drawing the victim to compromise confidential information. What makes spear phishing different, and more powerful than normal phishing, is this contextual information about the victim. Online social media services can be one such source for gathering vital information about an individual. In this paper, we characterize and examine a true positive dataset of spear phishing, spam, and normal phishing emails from Symantec’s enterprise email scanning service. We then present a model to detect spear phishing emails sent to employees of 14 international organizations, by using social features extracted from LinkedIn. Our dataset consists of 4,742 targeted attack emails sent to 2,434 victims, and 9,353 non targeted attack emails sent to 5,912 non victims; and publicly available information from their LinkedIn profiles. We applied various machine learning algorithms to this labeled data, and achieved an overall maximum accuracy of 97.76% in identifying spear phishing emails. We used a combination of social features from LinkedIn profiles, and stylometric features extracted from email subjects, bodies, and attachments. However, we achieved a slightly better accuracy of 98.28% without the social features. Our analysis revealed that social features extracted from LinkedIn do not help in identifying spear phishing emails. To the best of our knowledge, this is one of the first attempts to make use of a combination of stylometric features extracted from emails, and social features extracted from an online social network to detect targeted spear phishing emails.
There are many malicious programs disbursing on Face book every single day. Within the recent occasions, online hackers have thought about recognition within the third-party application platform additionally to deployment of malicious programs. Programs that present appropriate method of online hackers to spread malicious content on Face book however, little is known concerning highlights of malicious programs and just how they function. Our goal ought to be to create a comprehensive application evaluator of face book the very first tool that will depend on recognition of malicious programs on Face book. To develop rigorous application evaluator of face book we utilize information that's collected by way of observation of posting conduct of Face book apps that are seen across numerous face book clients. This can be frequently possibly initial comprehensive study which has dedicated to malicious Face book programs that concentrate on quantifying additionally to knowledge of malicious programs making these particulars in to a effective recognition method. For structuring of rigorous application evaluator of face book, we utilize data within the security application within Facebook that examines profiles of Facebook clients.
This presentation provides an inside view of how the Social media presence could harm any individual if no proper vigilance is kept while being active on various social platforms.
How to Make People Click on a Dangerous Link Despite their Security Awareness mark-smith
It is possible to make virtually any person click on a link, as any person will be curious about something, or interested in some topic, or find the message plausible because they know the sender, or because it fits their expectations (context).
Symantec Report On Rogue Security SoftwareSymantec
The Symantec Report on Rogue Security Software is an in-depth analysis of rogue security software programs. In total, Symantec has detected more than 250 distinct rogue security software programs. During the period of this report, from July 1, 2008, to June 30, 2009, Symantec received reports of 43 million rogue security software installation attempts from those 250 distinct samples. The continued prevalence of these programs emphasizes the ongoing threat they pose to potential victims despite efforts to shut them down and raise public awareness.
Who were the top 5 riskiest celebrities in 2009? Did spammers really know who killed Michael Jackson? Take a look back at who and what made the top of cybercriminals’ list in 2009 and what’s on their radar in 2010.
An Approach to Detect and Avoid Social Engineering and Phasing Attack in Soci...IJASRD Journal
Digital physical frameworks are the key advancement driver for some spaces, for example, car, flight, mechanical procedure control, and industrial facility mechanization. Be that as it may, their interconnection possibly gives enemies simple access to delicate information, code, and setups. In the event that aggressors gain control, material harm or even damage to individuals must be normal. To neutralize information burglary, framework control and digital assaults, security instruments must be implanted in the digital physical framework. The social building assault layouts are changed over to social designing assault situations by populating the format with the two subjects and articles from genuine precedents while as yet keeping up the point by point stream of the assault as gave in the format. Social Engineering by E-Mail is by a wide margin the most intensely utilized vector of assault, trailed by assaults beginning from sites. The aggressor in this way misuses the set up trust by requesting that consent utilize the organization's remote system office to send an email. A social designer can likewise join mechanical intends to accomplish the assault goals. The heuristic-based discovery method examines and separates phishing site includes and recognizes phishing locales utilizing that data .Based on the robotized examination of the record in the informal organization, you can construct suppositions about the power of correspondence between clients. In view of this data, it is conceivable to compute the likelihood of achievement of a multistep social building assault from the client to the client in digital physical/digital social framework. Furthermore, the proposed social designing assault layouts can likewise be utilized to create social building mindfulness material.
PHISHING DETECTION IN IMS USING DOMAIN ONTOLOGY AND CBA – AN INNOVATIVE RULE ...ijistjournal
User ignorance towards the use of communication services like Instant Messengers, emails, websites, social networks etc. is becoming the biggest advantage for phishers. It is required to create technical awareness in users by educating them to create a phishing detection application which would generate phishing alerts for the user so that phishing messages are not ignored. The lack of basic security features to detect and prevent phishing has had a profound effect on the IM clients, as they lose their faith in e-banking and e-commerce transactions, which will have a disastrous impact on the corporate and banking sectors and businesses which rely heavily on the internet. Very little research contributions were available in for phishing detection in Instant messengers. A context based, dynamic and intelligent phishing detection methodology in IMs is proposed, to analyze and detect phishing in Instant Messages with relevance to domain ontology (OBIE) and utilizes the Classification based on Association (CBA) for generating phishing rules and alerting the victims. A PDS Monitoring system algorithm is used to identify the phishing activity during exchange of messages in IMs, with high ratio of precision and recall. The results have shown improvement by the increased percentage of precision and recall when compared to the existing methods.
There are many malicious programs disbursing on Face book every single day. Within the recent occasions, online hackers have thought about recognition within the third-party application platform additionally to deployment of malicious programs. Programs that present appropriate method of online hackers to spread malicious content on Face book however, little is known concerning highlights of malicious programs and just how they function. Our goal ought to be to create a comprehensive application evaluator of face book the very first tool that will depend on recognition of malicious programs on Face book. To develop rigorous application evaluator of face book we utilize information that's collected by way of observation of posting conduct of Face book apps that are seen across numerous face book clients. This can be frequently possibly initial comprehensive study which has dedicated to malicious Face book programs that concentrate on quantifying additionally to knowledge of malicious programs making these particulars in to a effective recognition method. For structuring of rigorous application evaluator of face book, we utilize data within the security application within Facebook that examines profiles of Facebook clients.
This presentation provides an inside view of how the Social media presence could harm any individual if no proper vigilance is kept while being active on various social platforms.
How to Make People Click on a Dangerous Link Despite their Security Awareness mark-smith
It is possible to make virtually any person click on a link, as any person will be curious about something, or interested in some topic, or find the message plausible because they know the sender, or because it fits their expectations (context).
Symantec Report On Rogue Security SoftwareSymantec
The Symantec Report on Rogue Security Software is an in-depth analysis of rogue security software programs. In total, Symantec has detected more than 250 distinct rogue security software programs. During the period of this report, from July 1, 2008, to June 30, 2009, Symantec received reports of 43 million rogue security software installation attempts from those 250 distinct samples. The continued prevalence of these programs emphasizes the ongoing threat they pose to potential victims despite efforts to shut them down and raise public awareness.
Who were the top 5 riskiest celebrities in 2009? Did spammers really know who killed Michael Jackson? Take a look back at who and what made the top of cybercriminals’ list in 2009 and what’s on their radar in 2010.
An Approach to Detect and Avoid Social Engineering and Phasing Attack in Soci...IJASRD Journal
Digital physical frameworks are the key advancement driver for some spaces, for example, car, flight, mechanical procedure control, and industrial facility mechanization. Be that as it may, their interconnection possibly gives enemies simple access to delicate information, code, and setups. In the event that aggressors gain control, material harm or even damage to individuals must be normal. To neutralize information burglary, framework control and digital assaults, security instruments must be implanted in the digital physical framework. The social building assault layouts are changed over to social designing assault situations by populating the format with the two subjects and articles from genuine precedents while as yet keeping up the point by point stream of the assault as gave in the format. Social Engineering by E-Mail is by a wide margin the most intensely utilized vector of assault, trailed by assaults beginning from sites. The aggressor in this way misuses the set up trust by requesting that consent utilize the organization's remote system office to send an email. A social designer can likewise join mechanical intends to accomplish the assault goals. The heuristic-based discovery method examines and separates phishing site includes and recognizes phishing locales utilizing that data .Based on the robotized examination of the record in the informal organization, you can construct suppositions about the power of correspondence between clients. In view of this data, it is conceivable to compute the likelihood of achievement of a multistep social building assault from the client to the client in digital physical/digital social framework. Furthermore, the proposed social designing assault layouts can likewise be utilized to create social building mindfulness material.
PHISHING DETECTION IN IMS USING DOMAIN ONTOLOGY AND CBA – AN INNOVATIVE RULE ...ijistjournal
User ignorance towards the use of communication services like Instant Messengers, emails, websites, social networks etc. is becoming the biggest advantage for phishers. It is required to create technical awareness in users by educating them to create a phishing detection application which would generate phishing alerts for the user so that phishing messages are not ignored. The lack of basic security features to detect and prevent phishing has had a profound effect on the IM clients, as they lose their faith in e-banking and e-commerce transactions, which will have a disastrous impact on the corporate and banking sectors and businesses which rely heavily on the internet. Very little research contributions were available in for phishing detection in Instant messengers. A context based, dynamic and intelligent phishing detection methodology in IMs is proposed, to analyze and detect phishing in Instant Messages with relevance to domain ontology (OBIE) and utilizes the Classification based on Association (CBA) for generating phishing rules and alerting the victims. A PDS Monitoring system algorithm is used to identify the phishing activity during exchange of messages in IMs, with high ratio of precision and recall. The results have shown improvement by the increased percentage of precision and recall when compared to the existing methods.
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docxjoyjonna282
A4.1
Proceedings of Student-Faculty Research Day, CSIS, Pace University, May 8th, 2009
Forensics Tools for Social Network Security
Solution
s
Janet Cheng, Jennifer Hoffman, Therese LaMarche, Ahmet Tavil, Amit Yavad, and Steve Kim
Seidenberg School of CSIS, Pace University, White Plains, NY 10606, USA
Abstract
The usage of Social Network Sites has increased
rapidly in recent years. Since the success of a Social
Network Site depends on the number of users it
attracts, there is pressure on providers of Social
Network sites to design systems that encourage
behavior which increases both the number of users
and their connections. However, like any fast-
growing technology, security has not been a high
priority in the development of Social Network Sites.
As a result, along with the benefits of Social Network
Sites, significant security risks have resulted.
Providing Social Network Site users with tools which
will help protect them is ideal. Tools are developed
for installation on a user’s computer to provide them
the ability to retrieve other online user information
via chat and social network websites. These tools will
also benefit law enforcement agents when crimes are
committed.
1. Introduction
This paper analyzes and extends the forensic tools
developed in an earlier study for protecting Social
Network Site users from security threats [14]. First,
we will identify the security issues found in Social
Network Sites. Second, we will demonstrate how our
tools can provide users with more information which
we hope will help prevent them from becoming
victims. Finally, if a crime has been committed, we
will detail the tools available to assist in
apprehending the perpetrator.
The tools we developed retrieve Social Network Site
user’s non-personal-identifiable information, such as
IP address, operating system, browser type, etc.
Retrieval of this information occurs upon the virtual
contact from that other person, be it by them simply
browsing our personal page, or by other person
contacting via Virtual Meeting, for example chatting.
This paper covers methodologies used, test results,
and future goals.
The Social Network Site security issues are: [4]
Corporate Espionage; Cross Site Scripting, Viruses &
Worms; Social Network Site Aggregators; Spear
Phishing & Social Network specific Phishing;
Infiltration of Networks Leading to data leakage; I.D.
Theft; Bullying; Digital Dossier Aggregation
Vulnerabilities; Secondary Data Collection
Vulnerabilities; Face Recognition Vulnerabilities;
CBIR (Content-based Image Retrieval); Difficulty of
Complete Account Deletion; Spam; and Stalking.
2. Case Studies
There are many criminal activities arising from the
use of social network sites. For example, a mother
was convicted of computer fraud for her involvement
in creating a phony account on MySpace to trick a
teenager, who later committed suicide [15]. The
tools found in thi ...
Prevention of Phishing Attacks Based on Discriminative Key Point Features of ...CSCJournals
Phishing is the combination of social engineering and technical exploits designed to convince a victim to provide personal information, usually for the monetary gain of the attacker (Phisher). Attempts to stop phishing by preventing a user from interacting with a malicious web site have shown to be ineffective. In this paper, present an effective image-based anti-phishing scheme based on discriminative key point features in WebPages. We use an invariant content descriptor, the Contrast Context Histogram (CCH), to compute the similarity degree between suspicious pages and authentic pages. To determine whether two images are similar, a common approach involves extracting a vector of salient features from each image, and computing the distance between the vectors, which is taken as the degree of visual difference between the two images. The results show that the proposed scheme achieves high accuracy and low error rates.
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
Social media websites are becoming more prevalent on the Internet. Sites, such as Twitter, Facebook, and Instagram, spend significantly more of their time on users online. People in social media share thoughts, views, and facts and create new acquaintances. Social media sites supply users with a great deal of useful information. This enormous quantity of social media information invites hackers to abuse data. These hackers establish fraudulent profiles for actual people and distribute useless material. The material on spam might include commercials and harmful URLs that disrupt natural users. This spam content is a massive problem in social networks. Spam identification is a vital procedure on social media networking platforms. In this paper, we have proposed a spam detection artificial intelligence technique for Twitter social networks. In this approach, we employed a vector support machine, a neural artificial network, and a random forest technique to build a model. The results indicate that, compared with RF and ANN algorithms, the suggested support vector machine algorithm has the greatest precision, recall, and Fmeasure. The findings of this paper would be useful in monitoring and tracking social media shared photos for the identification of inappropriate content and forged images and to safeguard social media from digital threats and attacks.
Social media privacy threats that you need to keep an eye on in 2021Impulse Digital
Social media users' interests about information protection have seen a sharp ascent throughout the most recent couple of years. Cybercriminals have developed the ability to deceive social based media users into sharing touchy individual data and information.
Exploring machine learning techniques for fake profile detection in online so...IJECEIAES
The online social network is the largest network, more than 4 billion users use social media and with its rapid growth, the risk of maintaining the integrity of data has tremendously increased. There are several kinds of security challenges in online social networks (OSNs). Many abominable behaviors try to hack social sites and misuse the data available on these sites. Therefore, protection against such behaviors has become an essential requirement. Though there are many types of security threats in online social networks but, one of the significant threats is the fake profile. Fake profiles are created intentionally with certain motives, and such profiles may be targeted to steal or acquire sensitive information and/or spread rumors on online social networks with specific motives. Fake profiles are primarily used to steal or extract information by means of friendly interaction online and/or misusing online data available on social sites. Thus, fake profile detection in social media networks is attracting the attention of researchers. This paper aims to discuss various machine learning (ML) methods used by researchers for fake profile detection to explore the further possibility of improvising the machine learning models for speedy results.
CERT STRATEGY TO DEAL WITH PHISHING ATTACKScsandit
Every day, internet thieves employ new ways to obtain personal identity people and get access
to their personal information. Phishing is a somehow complex method that has recently been
considered by internet thieves. First, the present study aims to explain phishing, and why an
organization should deal with it and its challenges of providing. In addition, different kinds of
this attack and classification of security approaches for organizational and lay users are
addressed in this article. Finally, the CERT strategy – which relies on three principles of
informing, supporting and helping- is presented to deal with phishing and studying some antiphishing.
This slide gives a brief description of social engineering, its classcification, attack environment and various impersonation scenario which will give the audinece a sound knowledge on social engineering technique.
Credential Harvesting Using Man in the Middle Attack via Social Engineeringijtsrd
With growing internet users threat landscape is also increasing widely. Even following standard security policies and using multiple security layers will not keep users safe unless they are well aware of the emerging cyber threats and the risks involved. Humans are the weakest link in the security system as they possess emotions that can be exploited with minimum reconnaissance. social engineering is a type of cyber attack where it exploits human behavior or emotions to collect sensitive information such as username, password, personal details, etc. This paper proposes a system that helps end users to understand that even using security mechanisms such as two factor authentication can be useless when the user is not aware of basic security elements and make internet users aware of cyber threats and the risk involved. Sudhakar P | Dr. Uma Rani Chellapandy "Credential Harvesting Using Man in the Middle Attack via Social Engineering" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-3 , April 2022, URL: https://www.ijtsrd.com/papers/ijtsrd49629.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/49629/credential-harvesting-using-man-in-the-middle-attack-via-social-engineering/sudhakar-p
1. EECE 412 Term Project Report 1
Abstract— Phishing is one of the most common Internet
scams on the Internet today and with the introduction of
interactive social websites, it has the potential to become
more effective. Thus, the project analyzes phishing on the
Facebook social website. In order to accomplish this, we set up
a fake Facebook login page and simulated a simple phishing
scam to gain insight on social systems and the techniques they
implement to deal with phishing. From the analysis done, it
was found that approximately 1 in 3 Facebook user’s fell for
the simulated scam. The results show that users interacting on
a social networking website are more likely to fall for phishing
scam due to its social nature. Furthermore, tests have shown
that the Facebook social system does not provide effective
means in dealing with phishing attacks. Out of the many
solutions suggested, a possible resolution to combat phishing
on Facebook could be to implement a restriction on the
number of devices the user can use to access their accounts
without additional authentication.
I. INTRODUCTION
With over $1.2 billion dollars in direct loss in 2003, internet
phishing has become one of the most common and powerful
attacks present on the web [1]. Phishing is a form of social
engineering in which the adversary attempts to steal personal
information such as usernames, passwords and credit card
information by emulating a legitimate source. Emails have
been the center of attention for phishing attacks. Users would
receive mail that visually imitates a trusted service or
company, using convincing rationalizations to steal personal
information. Many solutions have been proposed and
implemented for these types of phishing attacks in which
awareness and education have played a crucial role [2].
However, the introduction of the Web 2.0 has provided new
techniques in which scammers can successfully increase the
effectiveness of phishing attacks [3]. By its very nature, this
new web phenomenon encourages interactive information
sharing and user oriented web designs which make social
engineering a more influential process. In the heart of this new
trend is the emergence of social websites such as Facebook,
MySpace, hi5 and YouTube. Facebook for instance has over 30
billion objects such as web links and blog posts that are shared
every month [4].
Along with real social interactions, interactive interfaces, such
as the one provided by Facebook, can prove to be very
vulnerable to social engineering attacks. Thus, we attempt to
analyze to what extent this is true in two major steps. We
study how Facebook’s user interface encourages, or more
accurately, lacks a system that can effectively reduce the
amount of phishing on the growing trend of social websites.
Furthermore, we look at how users, usually known to be the
weakest link in a secure system, can impact the integrity and
confidentiality of the social experience. The fundamental
importance of the analysis is to understand what needs to be
done to reduce such risks.
Analysis and solutions on phishing have been very extensive
and have been carried out by researchers on topics like fake
emails, web sites and web forms [5]. However, little has been
done on the risks and solutions for social websites. There has
been some work, but not to the extent provided in this report.
Thus, part of our analysis attempts to simulate real phishing
attacks on Facebook through various interactive methods. This
assists in effectively understanding how Facebook deals with
phishing attacks, as well as, how and why users fall for simple
scams.
From our simulated attacks, we found out that Facebook does
not provide a comprehensive system in reducing the amount
Facebook: A Comprehensive Analysis of
Phishing on a Social System
December 7, 2010
Tarek Amin, Oseghale Okhiria, James Lu and James An
Department of Electrical and Computer Engineering
University of British Columbia
Vancouver, Canada
tarekamin89@gmail.com, sega.okhiria@gmail.com, jameslu1027@gmail.com, jamesanse@gmail.com
2. EECE 412 Term Project Report 2
of phishing scams. Furthermore, our results show that roughly
1 in 3 people fall for very simple attacks, in which their
username and password could have been easily retrieved. One
of the major implications of such vulnerability is the ability for
adversaries to use this personal information to exploit the
relationship entrusted between friends to gain financial
benefits. Due to this social interaction between users in the
context of social websites, it is difficult for Facebook to
implement a psychologically acceptable design that does not
hinder the user friendliness of the system. Defense in depth
and securing the weakest links have not been achieved either.
In order to reduce the risks involved with phishing attacks
some countermeasures have been proposed including user
authentication and URL detection.
II. ANALYZING THE FACEBOOK SYSTEM
As mentioned in the introduction, the analysis of the Facebook
system is broken down into two essential components. The
first component attempts to analyze how the system, in this
case the website, encourages or prevents phishing attacks.
Thus, we study various aspects of the system such as the login
procedure, the layout of the interface and the services
provided to the user. This will give important insight on what
does or doesn’t increase the effectiveness of social
engineering attacks. A list of the elements is described below.
I. THE FACEBOOK SYSTEM INTERFACE
A. Account Creation
An analysis needs to be made on the account creation
procedures that Facebook employ. The ease or difficulty in the
process of successfully creating a Facebook account is
essential. This plays an important role in analyzing how
phishers would be capable of creating an account in which
phishing attacks can occur from. A question related to this
interface could be how does Facebook ensure that the user
creating the account is a real person and has true intentions to
socialize over the system?
B. Login Process
Studies on how the Facebook system deals with log in process
is also a crucial point of analysis. Thus, we have to look at how
the system deals with usernames and passwords and the
ways, if any, it deals with suspicious login variations. This
investigation is important as it determines how the system
would react to someone other than the real user logging into
their accounts. A question related to this element would be, if
an adversary had access to a user’s personal information,
would the system be able to detect changes such as a change
in geographical location? This assumes that the adversary is
located in a different part of the globe.
C. Exploitation of Services
Services provided by the Facebook system such as wall
posting, group creation, in-system messaging and instant chat
play an essential role in social engineering attacks. If an
adversary can exploit the user friendliness of the system, then
he/she can effectively encapsulate the phishing scam into a
service that the typical user expects to be normal. A question
that can be raised is how can the adversary exploit the services
of a basic wall post to convince the victim that the scam is
actually trustworthy?
D. Account Activity
An obvious element of inspection is how the Facebook system
deals with suspicious account activity. Having a system that
does not incorporate this can lead to mass phishing attacks.
But a more important question could be how does the
Facebook system detect narrow targeted phishing attacks? i.e
attacks that do not trigger account suspension. When is there
a limit?
II. THE HUMAN ASPECT
Humans are usually known to be the weakest link of a secure
system. Phishing in essence attempts to exploit this link. It is
always easier to get a user to give you their personal
information rather than exploit the cryptographic algorithms
of the system. Thus a major part of our analysis focuses on
how easy it is to deceive a user into providing their personal
information. We attempt to find out if users of the social
system and any internet user in general, do pay attention to
the URL of a phishing scam that attempts to redirect them.
Gathering such information is essential as an understanding of
what makes phishing successful will be beneficial to the
proposal of counter-measures.
III. RELATED WORK
Phishing has been around for a while and, as stated in the
introduction, is one of the most common attacks on the
Internet. So it comes as no surprise that there have been many
analyses on the topic. However, many of the previous analyses
on Internet phishing deal with capturing the essence of
phishing attacks by analyzing the components and processes
which attackers use to collect sensitive or confidential
information [6]. Very few researchers simulate actual phishing
on social networks in order to acquire information about both
the system and the users that fall for the scam.
One previous work to note would be that of Check Point
Software’s Security Research & Response team. This team
conducted a phishing simulation using Facebook in order to
evaluate the dangers social network sites expose us to. In their
analysis, the team created a fake Facebook profile. Using this
profile they then sent out 200 private messages to complete
3. EECE 412 Term Project Report 3
strangers. The message was the same for all 200 recipients. It
consisted of a short message which read, “Check out my latest
pictures”, accompanied with an external URL link to a
potentially dangerous site, which could contain worms,
Trojans or viruses that could attempt to gain information from
your computer [7]. The results were obtained by keeping track
of the number of people who clicked on the potentially
dangerous link.
From their analysis, they found that approximately 35% of the
recipients attempted to visit the URL link provided in the
message. This is a substantial finding, as a previous study done
on traditional phishing without the use of social networks
done by Gartner in April, 2004 showed that only 3% of
randomly surveyed participants reported to falling for a
phishing scam [6].
While this analysis provides substantial findings, we believe it
may be insufficient because visiting a suspicious URL link does
not necessarily mean that the scam is successful. In our
analysis we approached the victims in a different manner as
well as going one step further to gaining more accurate
results, which will be discussed in the following section.
IV. ANALYSIS METHODOLOGY
In order to effectively analyze the Facebook system, the set of
tasks and methodologies are split into two major components.
First, the mechanisms for analysis must be setup and
effectively designed to successfully simulate a real phishing
attack. This is an important factor in the overall achievement
of the investigation and must be described in some detail to
ensure this analysis can be repeatable. Secondly, the system
must be attacked in specific ways in order to effectively
analyze the elements mentioned in section number II. A good
integration of these two major components will aid in the
achievement of crucial results.
I. SETTING UP A FACEBOOK PHISHING ATTACK
The essence of phishing is to attempt to steal a user’s personal
information. In this case, the personal information mainly
relates to the user’s username and password. Thus, a common
method in doing so is by redirecting the user to a fake
websites that effectively imitates the trustworthy source. In
the case of our analysis, we intended in directing the user to a
fake Facebook login page that would ask them to re-enter
their personal information. It is important to reiterate from
the previous section that such attacks occur from both the
legitimate source itself (Facebook) and through external
means such as other social websites. This is one of the aspects
that differentiate this analysis from previously carried ones.
A. Creating the Fake Login Page
To setup our analysis, we obtained a domain name through a
provider. Thus, we were able to manipulate the webpages on
the domain to simulate a Facebook phishing attack. By adding
webpages with names such as the one shown in fig 1, we
attempt to deceive the user into thinking that this page
originates from Facebook.
Figure 1: Fake Facebook Web Page
The webpages part of redirect-facebook.com indicates that
the user is accessing a Facebook group and thus tricks them
into believing the source of the content. This signifies the
importance that not all internet users can parse and
understand the content of the URL, which has been identified
in research [5]. Paying close attention to the images shown
above we see that visual cues such as the small Facebook logo
at the beginning of the URL along with the name of the
website provide false indication that the webpage is
trustworthy. All of these small details play an important role in
the simulation of a real attack.
B. Replicating the Facebook Login Page
The next vital step in the setup was to convincingly replicate
the Facebook login page. Surprisingly, this was not too
difficult. By accessing the source code through any web
browser, the Cascading Style Sheets (CSS)
1
and other
information can be obtained. Thus, it was easy to create a
website that accurately replicated the login page and was
identical to Facebook. Furthermore, the fake login page had a
security notice such as the one shown in fig 2. This justifies the
user’s requirement to re-enter their username and password
in order to be redirect to the Facebook group.
C. Collecting Information
The only major difference between the two login pages was
that the fake one did not actually obtain the user’s username
and password. Furthermore, the fake page would redirect the
user to a carefully thought survey in order to collect maximum
information regarding their phished accounts. This information
was useful in determining why users fall for such scams and
provided insight to some of the counter-measures.
1
The CSS is a set of rules that govern the structure and format of a web
page.
4. EECE 412 Term Project Report 4
Figure 2: Fake Security Notice
It is important to mention that the number of phished users
was obtained by implementing two “unique IP counters”, one
at the login page and the other was at the survey. By looking
at the number of IP addresses on the survey page, we could
infer that these users actually fell for the scam. Furthermore,
looking at the IP counter difference between the survey page
and the login page, we could deduce that these users followed
the link but did not provide their personal information. It is
vital to mention that we assumed the users who were
redirected to this survey have actually provided their real
username and password and not meaningless information.
II. SIMULATING THE ATTACK
Once the essentials have been setup, we proceeded with the
actual analysis of the Facebook social system. By making use of
the fake website that we have created, we attempted to
simulate the process a phisher would go through in order to
successfully steal personal information from the users.
Therefore, we tested how the Facebook system would deal
with such attacks and how it would encourage it. At the same
time, we found out if the techniques employed have been
successful by looking at the collected information from the IP
counters and surveys.
A. Creating Fake Accounts
The initial step a phisher would take is to create several fake
Facebook accounts. This was simply accomplished by going
through the account creation procedures and filling in the
required information. After the account was setup, all that was
left was to personalize the account to mimic one of a typical
Facebook user. We tested the account creation procedure by
attempting to create around 10 new Facebook accounts within
a very short period of time. Furthermore we repeated this
process with both the same IP address and a different IP
address each time. This simulates the idea that the adversary
would attempt to spoof their IP address in order to go
undetected by Facebook. This was accomplished by an IP
proxy.
B. Logging into User’s Accounts
This simulation was done assuming one obtained a user’s
username and password through a phishing scam similar to
the one we describe. There is little one can do with such a
simulation, however, we attempted to find out whether the
Facebook system could identify whether multiple users can
access the same account from different IP addresses. This
relates to the scenario that an adversary can log on to an
account at the same time as the actual user. This was
accomplished by logging into the same account from two
different computers. Furthermore, we analyzed the possible
situation in which the adversary can log onto an account from
a different region of the world within a short time frame. This
was achieved through an IP proxy.
C. Exploiting Facebook Interactive Services
We attempted to exploit some of the features Facebook
provide such as adding links to wall posts. Once links were
added, their metadata would be displayed and the user
would have command over the type of information that is
shown. An example is provided in fig 3 below.
Figure 3: Encapsulated Phishing Scam
The user has the ability to change the title of the link as well as
the content that describes it. For instance, the figure above
encapsulates the URL that was shown in fig 1 with the “UBC
REC” title and a non-existing link as shown by the last URL.
Even though the fake Facebook link was still present, as seen
in the middle of the figure, the other data would provide a
means of distraction.
D. Flooding Facebook
The last scenario we attempted to simulate was the idea that
phishers would attempt to send many phishing scams within a
short period of time. Thus, this was accomplished by posting
many messages through different groups within a matter of
minutes. The concept of this analysis was whether Facebook
could determine this action to be suspicious or not. If so, we
wanted to find out how long it would take.
V. RESULTS
The results collected from this analysis provide some
interesting and concerning outcomes. Thus to effectively
describe them, the same headings used for the analysis
methodology will be applied.
A. Problems and Results from Creating Fake
Accounts
The first problem that was encountered was the requirement
for a valid email to sign up. This was easily solved by the use of
widely available online services that provide internet users a
temporary email address for a short period of time. Thus any
5. EECE 412 Term Project Report 5
email account will work; even if they end up expiring within 10
minutes.
When attempting to create multiple accounts from the same
IP address, Facebook was clever enough to detect this. Within
a couple of account creations, a box appeared requesting
phone verification to ensure the user was real. However,
attempting to sign in with an IP proxy was successful as long
the IP was changed every few accounts. Within a few days of
account creation, some accounts were disabled as shown in fig
4. It was revealed that the ones that were not disabled were
due to uncommon names; suggesting Facebook pay close
attention to names that are commonly used such as “Alice”,
“Trudy” and “Bob. However, this is not a major concern.
Figure 4: Disabled Account
B. Accessing User Accounts
After some testing and analyzing, it was found that
irrespective of the IP address used to access an account using
the user’s personal information; Facebook would allow the
“authorized” person to login. Furthermore, multiple accesses
are also allowable; indicating a user and an adversary could be
logged in at the same time without detection.
C. Send Many Message on Facebook
After carrying out the analysis, it was discovered that
Facebook has already taken care of users sending too many
messages within the system. However, when posting
messages on groups at a decent frequency (roughly 10 per
hour), Facebook was unable to detect messages at this rate.
D. Success of Phishing Scam
The phishing scam that was implemented showed some very
interesting results. Out of a sample space of around 60 total
users, 31% of them were deceived by the simple scam. This
shows that roughly one in three people are likely to give their
username and password to the phisher through a social
website. Furthermore, 71% of the people who carried out the
survey (roughly half of the people who were deceived)
mentioned that they did not check the URL before the
provided their personal information. In addition, 75% stated
that logging onto the Facebook website was second nature to
them. These results provide very useful information.
VI. DISCUSSION
The results that were collected from the analysis of phishing
on the Facebook social system must be evaluated in order to
achieve insights in their meaning.
A. Findings and Implications
From the collected results we realized that one major factor
that contributed to the success rate of our simulated phishing
scam was due to the human being’s habit capture errors.
Some tasks become second nature to an individual as a result
of having preformed the task so frequently e.g. logging in to
Facebook. This is a key factor which attackers could easily
exploit with a commonly used network such as Facebook.
Another equally prominent contribution to the success of the
simulated phishing scam is the level of trust created due to the
constant interaction with people over the Internet (social
network). Users tend to trust those who they perceive as being
real people and share similar interests and hobbies. It
becomes impossible to differentiate between legitimate users
and users who have ill intentions.
Despite attempts to increase security the fact that it is difficult
to create mutual authentication between Facebook and the
user, makes phishing a little easier. Facebook attempts to
authenticate the user with the use of several tools (such as
phone verification). Nonetheless, these means of
authentication are insufficient and do not consistently ensure
the legitimacy of the user. Furthermore, there is no fail-safe
means for the user to authenticate Facebook besides the URL
in the address bar and the common visual interface, which can
easily be replicated (such as the login page). This relies on the
knowledge of the user, which in most cases is not sufficient.
Moreover, it is important to note that besides the already
known implications of a successful phishing scam, users tend
to use the same password for multiple accounts throughout
the Internet. Access to ones email address and password could
be the gateway to successfully impersonating the individual on
a variety of other websites (since many allow users to login
with their email address). Even worse, if the user uses the
same password for their email accounts, the adversary could
possibly have access to sensitive information such as financial
matters.
B. Principles of Secure Design
Often web 2.0 platforms are faced with the decision of
ensuring user accessibility and ease of use or ensuring a more
secure system. Many try to find a balance between the two,
making security as invisible to the user as much as possible. As
this is not easy, more often than not, system designers tend to
sacrifice a little on security for user accessibility. Such is the
case with many social networks. For instance, Facebook could
ask for verification from the user every time the user’s account
is accessed from a different computer or location but they
choose not to. This hinders the user’s social experience.
Therefore, it is a result of attempting to make the Facebook
social system more psychologically acceptable to the user that
phishing security was not up to par.
6. EECE 412 Term Project Report 6
The principal of defense in depth could be further explored in
this scenario. By providing more countermeasures such as the
ones suggested below, a great deal of attackers could be
dissuaded from performing scams as it would take greater
effort and more advanced techniques. Another aspect of
security design principles that Facebook could benefit from is
to assume that human behavior introduces vulnerability.
Facebook must design the system with the idea that the
average user is either attempting to break it, or has no
knowledge of how to be safe on the Internet. A very
straightforward example of this principle would be to draw the
user’s attention to the URL prior to every login.
C. Limitations
Certain limitations we faced in carrying out this analysis
caused us to make some assumptions. To preserve user’s
confidentiality we could not verify that the right information
had been entered on the login page. To do this we would have
been forced to illegally obtain their information and verify this
by logging into their accounts. So we made the assumption
that users who arrived at the survey page had entered their
real email address and password on the fake login page.
Another limitation we faced was that of the unique IP counter.
While it is a lot more accurate and superior to the page hit
counter, it provides room for error. Many Internet user’s use
laptops and connect to networks via a Dynamic Host
Configuration Protocol (DHCP). This means that if such a user
should revisit the site after having been assigned a new IP
address by the Host we would count the new IP address as
another visitor.
D. Suggestions
To combat the idea of Habit Capture Errors, we decided to
design a very simple prototype to accompany this suggestion.
To ensure users did not login to a Facebook account that was
not real, we designed a web browser prototype that would
compare the URL of the “fake” Facebook page with the real
one. By using a simple algorithm, the tool would detect parts
of the URL and attempt to determine if it is similar to the URL
“facebook.com”. Once a match is found, the tool would assess
the location of the server and compare it with the real
Facebook multiple IP addresses. If they are equivalent, the URL
can be assumed safe and part of Facebook. If not, the tool
would warn the user. This method can be applied to a list of
commonly attacked websites. The idea behind the tool is to
provide some defense in depth (on the browser side) to better
help users parse URLs.
The ability that users can use temporary emails (that can be
setup in a matter of seconds) should be prevented. Facebook
could implement a system that blacklists email domains that
provide such service ensuring legitimate email accounts are
used. This does not necessarily stop adversaries from creating
fake accounts; however, it does slow down the process as they
have to undergo various email creation steps.
In terms of the user being able to authenticate Facebook, an
SSL connection could be established for the login page. This
will provide the visual cues that are well known to secure sites,
thus, fake login page replication can be reduced. Along with
the SSL, the user should be made aware to look for such
indications upon login.
Despite sacrificing a little bit of user accessibility we believe
that, with such the size of network Facebook has, it is vital to
implement a means to deny access to accounts from a device
different from those commonly used by the user without
proper authentication. For instance a user should have three
registered commonly used devices for accessing Facebook;
two computers and one mobile device (similar to apple’s 5
computer policy for iTunes content). Access to the users
account from all other devices should require additional user
authentication unless the user changes their commonly used
device and register it with Facebook. Such additional
authentication could be in the form of a second password, an
email message, a secret question or perhaps one pertaining to
information about you that is stored on their server. This will
prevent unauthorized access by people who manage to obtain
the username and password.
VII. CONCLUSION
Our analysis of phishing on a social system, using Facebook as
our stage, provided us with a lot of information regarding both
the Facebook system and how users interact with it. We were
able to analyze why social networks make phishing scams
much harder to detect by the average user. While it is difficult
to ensure all users are knowledgeable and use the system
correctly, there are several options Facebook can explore in
terms of protecting their users.
VIII. REFERENCES
[1] R. Dhamija and J. Tygar, "The Battle Against Phishing: Dynamic
Security Skins," University of California, Berkeley,
[2] "Report on Phishing," Binational Working Group on Cross-
Border Mass Marketing Fraud, Oct 2006.
URL:www.justice.gov/opa/report_on_phishing.pdf
[3] Lawton, G.; , "Web 2.0 Creates Security Challenges," Computer ,
vol.40, no.10, pp.13-16, Oct. 2007doi: 10.1109/MC.2007.367
[4] [Online].Facebook
Available: http://www.facebook.com/press/info.php?statistics
[5] J. Chen and C. Guo, "Online Detection and Prevention of
Phishing Attacks," Institute of Communications Engineering,
[6] M. Jakobsson, "Modeling and Preventing Phishing Attacks,"
Indiana University, Bloomington,
[7] (2010, December 6) 35% of Facebook Users Could Be Victims of
Phishing Scams. [Online]. Available:
http://blog.zonealarm.com/blog/2010/01/35-of-facebook-
users-could-be-victims-of-phishing-scams.html