28,114 results on '"phishing"'
Search Results
2. Why You MUST USE: Don't be afraid of artificial intelligence--it's more useful than you think. Robert Irvine reveals 30 ways that free AI tools can improve everything you do on your PC and online
- Subjects
Microsoft Corp. -- International economic relations ,Computer software industry -- International economic relations ,Internet videos ,Artificial intelligence ,Phishing ,Natural language interfaces ,Spyware ,Identity theft ,Computational linguistics ,Language processing ,Artificial intelligence ,Science and technology - Abstract
WHAT YOU CAN DO * Restore, resize and enhance your old photos * Scan downloads and websites for malware * Identify and avoid new phishing scams * Summarise the content [...]
- Published
- 2024
3. Beat the scammers: Protect yourself with the help of your Mac and iPhone
- Author
-
Peers, Nick
- Subjects
Trend Micro Inc. (Tokyo, Japan) ,Internet/Web advertising ,Internet/Web search services ,Computer software industry ,Internet fraud ,Phishing ,Spyware ,Smart phones ,Internet -- Safety and security measures ,Computer hackers ,Social networks ,Text search and retrieval software ,Internet security ,Smart phone ,Internet search software ,Internet/Web advertising ,Hacker ,Internet/Web search service ,Science and technology - Abstract
EVERYWHERE YOU TURN, it seems like someone is out to scam you. Online ads promoting deals too good to be true, suspicious web links lurking in prominent paid--for search engine [...]
- Published
- 2024
4. Beat the scammers: Protect yourself with the help of I your Mac and iPhone
- Author
-
Peers, Nick
- Subjects
Trend Micro Inc. (Tokyo, Japan) ,Internet/Web advertising ,Internet/Web search services ,Computer software industry ,Internet fraud ,Phishing ,Spyware ,Smart phones ,Internet -- Safety and security measures ,Computer hackers ,Social networks ,Text search and retrieval software ,Internet security ,Smart phone ,Internet search software ,Internet/Web advertising ,Hacker ,Internet/Web search service ,Science and technology - Abstract
Everywhere you turn, it seems like someone is out to scam you. Online ads promoting deals too good to be true, dodgy web links lurking in prominent paid-for search engine [...]
- Published
- 2024
5. Getting users to click: a content analysis of phishers’ tactics and techniques in mobile instant messaging phishing
- Author
-
Ahmad, Rufai, Terzis, Sotirios, and Renaud, Karen
- Published
- 2024
- Full Text
- View/download PDF
6. The role of financial literacy in consumer financial fraud exposure (via email) and victimisation: evidence from Spain
- Author
-
Rey-Ares, Lucía, Fernández-López, Sara, and Álvarez-Espiño, Marcos
- Published
- 2024
- Full Text
- View/download PDF
7. Explaining cybercrime victimization using a longitudinal population-based survey experiment. Are personal characteristics, online routine activities, and actual self-protective online behavior related to future cybercrime victimization?
- Author
-
van 't Hoff-de Goede, M.S., van de Weijer, S., and Leukfeldt, R.
- Subjects
- *
COMPUTER crimes , *CRIME victims , *INTERNET security - Abstract
With the increasing prevalence of cybercrime victimization there is a growing need for prevention. Previous studies have attempted to uncover risk factors associated with cybercrime victimization in the areas of personal characteristics and online routine activities. This article aims to take the field a step further by including actual self-protective online behavior, obtained through a population-based survey experiment (N = 1886), as a risk factor for cybercrime victimization. In wave 1 of our longitudinal design, personal characteristics, online routine activities, and actual self-protective online behavior concerning password strength, clicking behavior, sharing personal information, and handling phishing emails were measured. In wave 2, cybercrime victimization of several types of cyber-enabled and cyber-dependent cybercrimes was measured one year later. Results indicate that few personal characteristics, online routine activities, and self-protective online behaviors are related to the odds of becoming a cybercrime victim. This furthermore illustrates the heterogeneity of cybercrime victimization, since most significant factors only seem to be related to the risk of one particular type of cybercrime. These results indicate that to explain cybercrime victimization, the research field needs to shift its focus and adapt to new online developments. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
8. Phishing: Gender Differences in Email Security Perceptions and Behaviors.
- Author
-
Jie Du, Kalafut, Andrew, and Schymik, Gregory
- Subjects
GENDER differences in education ,INFORMATION technology security ,HEALTH Belief Model ,EMAIL security ,GENDER differences (Psychology) ,PHISHING - Abstract
Information security is a major concern for everyone nowadays. While substantial research exists on gender differences in education and technology, there appears to be very little research on gender differences in information security and that research examines a broad list of self-reported information security behaviors in a single study. Our research adds to the literature by examining in more depth one specific area of information security behavior: peoples' behavior relating to phishing attacks. This research attempts to investigate gender differences in email security perceptions and behaviors by surveying students, faculty, and staff at one midwestern public, master's granting university. The survey questions are developed based on the Health Belief Model. 414 usable survey response sets were collected and analyzed. The findings suggest that men and women have different perceptions on self-efficacy, vulnerability, barriers, cues to action, and self-reported security behaviors. While the Health Belief Model provides a relatively good fit in explaining email security behaviors for both men and women, each group appears to value each of the underlying factors differently. The findings shed light on how to design and conduct security training to increase adoption of protective email behaviors. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
9. Phishing detection using grey wolf and particle swarm optimizer.
- Author
-
Hamdan, Adel, Tahboush, Muhannad, Adawy, Mohammad, Alwada'n, Tariq, Ghwanmeh, Sameh, and Husni, Moath
- Subjects
GREY Wolf Optimizer algorithm ,PARTICLE swarm optimization ,METAHEURISTIC algorithms ,FEATURE selection ,PHISHING - Abstract
Phishing could be considered a worldwide problem; undoubtedly, the number of illegal websites has increased quickly. Besides that, phishing is a security attack that has several purposes, such as personal information, credit card numbers, and other information. Phishing websites look like legitimate ones, which makes it difficult to differentiate between them. There are several techniques and methods for phishing detection. The authors present two machine-learning algorithms for phishing detection. Besides that, the algorithms employed are XGBoost and random forest. Also, this study uses particle swarm optimization (PSO) and grey wolf optimizer (GWO), which are considered metaheuristic algorithms. This research used the Mendeley dataset. Precision, recall, and accuracy are used as the evaluation criteria. Experiments are done with all features (111) and with features selected by PSO and GWO. Finally, experiments are done with the most common features selected by both PSO and GWO (PSO n GWO). The result demonstrates that system performance is highly acceptable, with an F-measure of 91.4%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
10. Integrating Novel Mechanisms for Threat Detection in Enhanced Data Classification using Ant Colony Optimization with Recurrent Neural Network.
- Author
-
Chidambaram, Vivek alias M. and Chandrasekaran, Karthik Painganadu
- Subjects
CYBERTERRORISM ,ANT algorithms ,RECURRENT neural networks ,TCP/IP ,COMPUTER networks ,PHISHING ,DENIAL of service attacks - Abstract
In new technologies like fog computing, edge computing, cloud computing, and the Internet of Things (IoT), cybersecurity concerns and cyber-attacks have surged. The demand for better threat detection and prevention systems has increased due to the present global uptick in phishing and computer network attacks. In order to identify irregularities and attacks on the network, which have increased in scale and prevalence, threat identification is essential. However, the community is forced to investigate and create novel threat detection approaches that are capable of detecting threats using anomalies due to the increase in network threats, the growth of new methods of attack and computations, and the requirement to ensure security measures. A novel mechanism is employed to identify threats in a data based on optimized deep learning. The main aim of this paper is the usage of data classification system based on Deep Learning (DL). The proposed mechanism employed the TCP (Transmission Control Protocol) communication protocol to extract data from loud IoT (Internet of Things) networks for the purpose of threat detection. To perform feature extraction an Ant Colony Optimization (ACO) is utilised, through Recurrent Neural Network (RNN), the attacks in data are classified and detected. Additionally, the suggested approach has been evaluated and trained using the BOUN DDoS contemporary dataset, which comprises a variety of attack types and allows for the effectiveness of the framework to be determined to compare it to previous approaches. The Findings indicate that the suggested approach achieved higher accuracy in DDoS attack identification in comparison with Traditional deep learning methods. The existing method detects the generic attack with lower efficiency however; the proposed mechanism achieves better accuracy in both the detection of the DDoS attack and the detection of regular traffic. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
11. Friend or phisher: how known senders and fear of missing out affect young adults' phishing susceptibility on social media.
- Author
-
Klütsch, Jennifer, Schwab, Jasmin, Böffel, Christian, Zimmermann, Verena, and Schlittmeier, Sabine J.
- Subjects
SOCIAL media ,YOUNG adults ,PHISHING ,SUSPICION ,VIGNETTES - Abstract
Phishers exploit the social nature of social media, thereby targeting young adults, who are highly susceptible to phishing. This study focuses on two under-researched factors influencing young adults' susceptibility to social media phishing: the user's relation to the message sender and Fear of Missing Out (FoMO). In an online vignette study, 193 young adults were presented with Instagram chat messages from either known or unknown senders, accompanied by varying consequences for not clicking. These ranged from missing an event with no other user (no consequences) to missing an event with one (low) or several other users (high consequences). The analysis focused on intended behaviour and suspicion, while also capturing young adults' situational fear of missing out on the scenario-based event with the message sender (State FoMO) and their individual Trait FoMO. The results highlight that the user-sender relation is a strong predictor of phishing susceptibility and a crucial contributor to State FoMO. Furthermore, young adults who are high in Trait FoMO exhibited lower suspicion towards phishing attempts. These findings are discussed along with methodological considerations. In addition, strategies to mitigate the identified vulnerabilities are suggested, focusing on areas where social media phishing is most likely to affect young adults. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
12. DeepEPhishNet: a deep learning framework for email phishing detection using word embedding algorithms.
- Author
-
Somesha, M and Pais, Alwyn Roshan
- Subjects
- *
DEEP learning , *PHISHING , *SOCIAL engineering (Fraud) , *ARTIFICIAL neural networks , *EMAIL , *ALGORITHMS , *MACHINE learning - Abstract
Email phishing is a social engineering scheme that uses spoofed emails intended to trick the user into disclosing legitimate business and personal credentials. Many phishing email detection techniques exist based on machine learning, deep learning, and word embedding. In this paper, we propose a new technique for the detection of phishing emails using word embedding (Word2Vec, FastText, and TF-IDF) and deep learning techniques (DNN and BiLSTM network). Our proposed technique makes use of only four header based (From, Returnpath, Subject, Message-ID) features of the emails for the email classification. We applied several word embeddings for the evaluation of our models. From the experimental evaluation, we observed that the DNN model with FastText-SkipGram achieved an accuracy of 99.52% and BiLSTM model with FastText-SkipGram achieved an accuracy of 99.42%. Among these two techniques, DNN outperformed BiLSTM using the same word embedding (FastText-SkipGram) techniques with an accuracy of 99.52%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
13. A comprehensive survey on mobile browser security issues, challenges and solutions.
- Author
-
Debnath, Ninmoy and Jain, Ankit Kumar
- Subjects
- *
WEB-based user interfaces , *RESEARCH personnel , *MOBILE commerce , *PAYMENT systems , *PHISHING - Abstract
Smartphone users use the mobile browser to interact with web-based applications. However, mobile browsers are vulnerable to various types of attacks such as phishing, DDoS, etc. There are numerous methods for detecting such attacks on the desktop environment, but, due to hardware limitations, such methods may not be effective for smartphones. Therefore, this paper presents different types of possible cyber-attacks in mobile browsers, and their solutions provided by various researchers to avoid such attacks. Additionally, the survey provides different types of mobile browser-related TLS errors and security indicators related challenges. We have discussed the consequences of emerging domains like mobile payment systems and online meetings. This survey will help the various mobile users in avoiding cyber-attacks while using the Internet for their day-to-day activities and will encourage researchers in designing new effective solutions against various types of mobile-specific cyber-attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
14. Optimized Phishing Detection with Recurrent Neural Network and Whale Optimizer Algorithm.
- Author
-
Gupta, Brij Bhooshan, Gaurav, Akshat, Attar, Razaz Waheeb, Arya, Varsha, Alhomoud, Ahmed, and Chui, Kwok Tai
- Subjects
MACHINE learning ,METAHEURISTIC algorithms ,UNIFORM Resource Locators ,PHISHING ,ELECTRONIC data processing - Abstract
Phishing attacks present a persistent and evolving threat in the cybersecurity land-scape, necessitating the development of more sophisticated detection methods. Traditional machine learning approaches to phishing detection have relied heavily on feature engineering and have often fallen short in adapting to the dynamically changing patterns of phishing Uniform Resource Locator (URLs). Addressing these challenge, we introduce a framework that integrates the sequential data processing strengths of a Recurrent Neural Network (RNN) with the hyperparameter optimization prowess of the Whale Optimization Algorithm (WOA). Our model capitalizes on an extensive Kaggle dataset, featuring over 11,000 URLs, each delineated by 30 attributes. The WOA's hyperparameter optimization enhances the RNN's performance, evidenced by a meticulous validation process. The results, encapsulated in precision, recall, and F1-score metrics, surpass baseline models, achieving an overall accuracy of 92%. This study not only demonstrates the RNN's proficiency in learning complex patterns but also underscores the WOA's effectiveness in refining machine learning models for the critical task of phishing detection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
15. Fortifying the Future: A Comprehensive Study of Fin-Tech Security Measures.
- Author
-
Temani, Vishnu Priya
- Subjects
SOCIAL media ,SECURITY systems ,MALWARE ,DENIAL of service attacks ,COMPUTER security vulnerabilities ,PHISHING ,DATA security failures - Published
- 2024
- Full Text
- View/download PDF
16. XAI-PhD: Fortifying Trust of Phishing URL Detection Empowered by Shapley Additive Explanations.
- Author
-
Al-Fayoumi, Mustafa, Alhijawi, Bushra, Al-Haija, Qasem Abu, and Armoush, Rakan
- Subjects
SOCIAL engineering (Fraud) ,PHISHING ,ARTIFICIAL intelligence ,CYBERTERRORISM ,MACHINE learning - Abstract
The rapid growth of the Internet has led to an increased demand for online services. However, this surge in online activity has also brought about a new threat: phishing attacks. Phishing is a type of cyberattack that utilizes social engineering techniques and technological manipulations to steal crucial information from unsuspecting individuals. Consequently, there is a rising necessity to create dependable phishing URL detection models that can effectively identify phishing URLs with enhanced accuracy and reduced prediction overhead. This study introduces XAI-PhD, an innovative phishing detection method that utilizes machine learning (ML) and Shapley additive explanation (SHAP) capabilities. Specifically, XAI-PhD utilizes SHAP to thoroughly analyze the significance of each feature in influencing the decision-making process of the classifier. By selectively incorporating input characteristics based on their SHAP values, only the most crucial attributes are assessed, enabling the development of a highly adaptable and generalized model. XAI-PhD utilizes a lightweight gradient boosting machine as its classifier, and a series of rigorous tests are conducted to assess its performance compared to established baseline methods. The empirical findings unequivocally demonstrate the exceptional effectiveness of XAI-PhD, as evidenced by its remarkable accuracy and F1-score of 99.8% and 99%, respectively. Moreover, XAI-PhD exhibits high computational efficiency, requiring only 1.47 milliseconds and 18.5 microseconds per record to generate accurate predictions. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
17. URL based phishing attack detection using BiLSTM-gated highway attention block convolutional neural network.
- Author
-
Nanda, Manika and Goel, Shivani
- Subjects
CONVOLUTIONAL neural networks ,PHISHING ,CREDIT cards ,SELF ,REACTION time - Abstract
Phishing is an attack that attempts to replicate the official websites of businesses, including government agencies, financial institutions, e-commerce platforms, and banks. These fraudulent websites aim to obtain sensitive information from users, such as credit card numbers, email addresses, passwords, and personal identities. In response to the increasing number of phishing assaults, several anti-phishing strategies have been developed. However, existing techniques often fail to extract the most crucial features, leading to potential misclassification. Additionally, the complex algorithms employed result in high response times. To address these challenges, this paper proposes a novel approach called Bidirectional Long Short-Term Memory based Gated Highway Attention block Convolutional Neural Network (BiLSTM-GHA-CNN) for detecting phishing URLs. The BiLSTM captures contextual features, while the CNN extracts salient features. The integration of the highway network into the BiLSTM-CNN architecture enables the capture of significant features with rapid convergence. Furthermore, a gating mechanism is employed to weigh the output features of the CNN and BiLSTM. Five datasets from diverse sources such as Phish Tank and Open Phish were created for experimentation. The results demonstrate that BiLSTM-GHA-CNN achieves superior detection accuracy, precision recall, and F1-score compared to state-of-the-art techniques. Moreover, the proposed system significantly reduces the response time to a remarkable 12.46 ms. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
18. Phishing Webpage Detection via Multi-Modal Integration of HTML DOM Graphs and URL Features Based on Graph Convolutional and Transformer Networks.
- Author
-
Yoon, Jun-Ho, Buu, Seok-Jun, and Kim, Hae-Jung
- Subjects
CONVOLUTIONAL neural networks ,DEEP learning ,TRANSFORMER models ,INTERNET safety ,PHISHING - Abstract
Detecting phishing webpages is a critical task in the field of cybersecurity, with significant implications for online safety and data protection. Traditional methods have primarily relied on analyzing URL features, which can be limited in capturing the full context of phishing attacks. In this study, we propose an innovative approach that integrates HTML DOM graph modeling with URL feature analysis using advanced deep learning techniques. The proposed method leverages Graph Convolutional Networks (GCNs) to model the structure of HTML DOM graphs, combined with Convolutional Neural Networks (CNNs) and Transformer Networks to capture the character and word sequence features of URLs, respectively. These multi-modal features are then integrated using a Transformer network, which is adept at selectively capturing the interdependencies and complementary relationships between different feature sets. We evaluated our approach on a real-world dataset comprising URL and HTML DOM graph data collected from 2012 to 2024. This dataset includes over 80 million nodes and edges, providing a robust foundation for testing. Our method demonstrated a significant improvement in performance, achieving a 7.03 percentage point increase in classification accuracy compared to state-of-the-art techniques. Additionally, we conducted ablation tests to further validate the effectiveness of individual features in our model. The results validate the efficacy of integrating HTML DOM structure and URL features using deep learning. Our framework significantly enhances phishing detection capabilities, providing a more accurate and comprehensive solution to identifying malicious webpages. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
19. A systematic review and research challenges on phishing cyberattacks from an electroencephalography and gaze-based perspective.
- Author
-
Thomopoulos, George A., Lyras, Dimitrios P., and Fidas, Christos A.
- Subjects
- *
UBIQUITOUS computing , *ELECTRONIC surveillance , *PHISHING , *ARTIFICIAL intelligence , *CYBERTERRORISM , *EYE tracking - Abstract
Phishing is one of the most important security threats in modern information systems causing different levels of damages to end-users and service providers such as financial and reputational losses. State-of-the-art anti-phishing research is highly fragmented and monolithic and does not address the problem from a pervasive computing perspective. In this survey, we aim to contribute to the existing literature by providing a systematic review of existing experimental phishing research that employs EEG and eye-tracking methods within multi-modal and multi-sensory interaction environments. The main research objective of this review is to examine articles that contain results of at least one EEG-based and/or eye-tracking-based experimental setup within a phishing context. The database search with specific search criteria yielded 651 articles from which, after the identification and the screening process, 42 articles were examined as per the execution of experiments using EEG or eye-tracking technologies in the context of phishing, resulting to a total of 18 distinct papers that were included in the analysis. This survey is approaching the subject across the following pillars: a) the experimental design practices with an emphasis on the applied EEG and eye-tracking acquisition protocols, b) the artificial intelligence and signal preprocessing techniques that were applied in those experiments, and finally, c) the phishing attack types examined. We also provide a roadmap for future research in the field by suggesting ideas on how to combine state-of-the-art gaze-based mechanisms with EEG technologies for advancing phishing research. This leads to a discussion on the best practices for designing EEG and gaze-based frameworks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
20. A novel deep learning model-based optimization algorithm for text message spam detection.
- Author
-
Das, Lipsa, Ahuja, Laxmi, and Pandey, Adesh
- Subjects
- *
SPAM email , *OPTIMIZATION algorithms , *DEEP learning , *TEXT messages , *SOCIAL engineering (Fraud) , *CONVOLUTIONAL neural networks , *WORD frequency , *PHISHING - Abstract
Mobile texting has increased social engineering assaults like phishing. Because spam, or unsolicited text messages, spread phishing attempts that steal personal information. Traditional methods of spam detection, often based on statistical models or human rule-based systems, have difficulties in keeping up with the growing complexity of spamming strategies. Gathering pertinent data from social networks is a challenging task, mostly due to the limits imposed by privacy concerns and time constraints. The inefficiency and time-consuming nature of conventional frequency-based techniques to word encoding are generally recognized. Text classification has shown promising outcomes with the use of word embeddings and deep learning techniques. The proposed approach involves integrating deep learning with the Remora optimization algorithm framework (DL–ROA) to autonomously extract intricate patterns and nuanced information from text messages. The system's capacity to adapt to new spamming strategies enhances the DL–ROA. The proposed technique improves the accuracy of detection while reducing the inefficiency and time required to create contextual word vectors based on word frequency. Spam detection is achieved by using a hybrid deep model that combines long short-term memory (LSTM) and deep convolutional neural networks (DCNN) architectures. Empirical data demonstrate that the DL–ROA technique surpasses existing deep learning models in terms of accuracy, f1-score, and recall. In addition, the DL–ROA achieved an unprecedented accuracy rate of 98.25%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
21. A deep learning mechanism to detect phishing URLs using the permutation importance method and SMOTE-Tomek link.
- Author
-
Zaimi, Rania, Hafidi, Mohamed, and Lamia, Mahnane
- Subjects
- *
DEEP learning , *UNIFORM Resource Locators , *PHISHING , *FEATURE selection , *MACHINE learning , *PERMUTATIONS , *WEB-based user interfaces - Abstract
In contemporary times, the proliferation of phishing attacks presents a substantial and growing challenge to cybersecurity. This fraudulent tactic is designed to deceive unsuspecting individuals, enticing them to access malicious websites and disclose sensitive personal information such as usernames, passwords, and financial details. As a result, malevolent actors exploit this data for illicit purposes. As the sophistication and maliciousness of phishing continue to evolve, researchers are earnestly developing multiple anti-phishing solutions in the literature. Among these solutions, those based on machine learning and deep learning models have gained substantial attention in recent years. This study proposes an intelligent mechanism to detect phishing URLs. The proposed system is based on the permutation importance method to select the most relevant URL features and the SMOTE-Tomek link method to solve the problem of an unbalanced dataset. In addition, the XGBoost classifier and four deep learning models—CNN, LSTM, and two hybrid models (CNN-LSTM and LSTM-CNN)—are employed to classify URLs as phishing or legitimate and to compare their performance. The experimental results demonstrate the successful functioning of the proposed phishing detection mechanism. It is observed that the proposed mechanism achieved an accuracy ranging from 93.36 to 97.05% without feature selection and data balance across two variants of datasets and different classifiers. It also achieved an accuracy ranging from 94.12 to 97.82% with feature selection and data balance. Finally, our phishing detection mechanism is implemented as a web application to enhance its usability for web users. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
22. Toward a Hybrid Approach Combining Deep Learning and Case-Based Reasoning for Phishing Email Detection.
- Author
-
Remmide, Mohamed Abdelkarim, Boumahdi, Fatima, and Boustia, Narhimene
- Subjects
- *
ARTIFICIAL intelligence , *SOCIAL engineering (Fraud) , *KNOWLEDGE representation (Information theory) , *CASE-based reasoning , *PHISHING , *DEEP learning - Abstract
Phishing attacks are increasing every year, both in terms of number and technique. Using only human weaknesses, an attacker can easily obtain the victim's credentials or access their network. The problem persists despite many approaches offered by researchers, due to its dynamic nature, in which new phishing tactics are created every time. We, therefore, need more robust and effective methods to detect phishing emails. In this paper, we aim to detect phishing emails using the body text of the email with the hybrid approach combining case-based reasoning (CBR) and a deep learning model. Our proposed model, called DL-CBR, consists of a Bidirectional Long Short-Term Memory (Bi-LSTM) + Temporal Convolutional Network (TCN) network with an attention mechanism followed by a CBR classifier. The deep learning model is used for email representation, where it is trained using the N -pair loss function. To demonstrate the performance of DL-CBR, evaluation metrics, such as precision, accuracy, recall, and F-measure, were used, where we obtained an accuracy of 98.28%. The results show that our model outperformed other CBRs that utilize classical text representations like TF-IDF and Bag-of-Words. Additionally, while our model's performance is slightly below that of the state-of-the-art models, it offers several advantages inherent to CBR. For instance, it can learn from new cases and update their database accordingly. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
23. A cyber defense system against phishing attacks with deep learning game theory and LSTM-CNN with African vulture optimization algorithm (AVOA).
- Author
-
Elberri, Mustafa Ahmed, Tokeşer, Ümit, Rahebi, Javad, and Lopez-Guede, Jose Manuel
- Subjects
- *
OPTIMIZATION algorithms , *PHISHING , *GAME theory , *SWARM intelligence , *EDUCATIONAL games , *PHISHING prevention , *DEEP learning - Abstract
Phishing attacks pose a significant threat to online security, utilizing fake websites to steal sensitive user information. Deep learning techniques, particularly convolutional neural networks (CNNs), have emerged as promising tools for detecting phishing attacks. However, traditional CNN-based image classification methods face limitations in effectively identifying fake pages. To address this challenge, we propose an image-based coding approach for detecting phishing attacks using a CNN-LSTM hybrid model. This approach combines SMOTE, an enhanced GAN based on the Autoencoder network, and swarm intelligence algorithms to balance the dataset, select informative features, and generate grayscale images. Experiments on three benchmark datasets demonstrate that the proposed method achieves superior accuracy, precision, and sensitivity compared to other techniques, effectively identifying phishing attacks and enhancing online security. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
24. Spark-based multi-verse optimizer as wrapper features selection algorithm for phishing attack challenge.
- Author
-
Al-Sawwa, Jamil, Almseidin, Mohammad, Alkasassbeh, Mouhammd, Alemerien, Khalid, and Younisse, Remah
- Subjects
- *
PARTICLE swarm optimization , *OPTIMIZATION algorithms , *MACHINE learning , *PHISHING , *ARTIFICIAL intelligence , *BIOLOGICALLY inspired computing , *DECISION trees - Abstract
Nowadays, phishing attacks have grown rapidly, and there is an urgent need to introduce a suitable detection method that has the ability to detect different types of phishing attacks. This paper investigates the capability to use bio-inspired meta-heuristic algorithms to improve the performance of the detection engine for phishing attacks by reducing the number of features. This improvement was practiced by investigating the effectiveness of five meta-heuristic algorithms: Particle Swarm Optimization (PSO), Firefly Optimization Algorithm (FFA), Multi-Verse Optimizer (MVO), Moth-Flame Optimization algorithm (MFO), and BAT optimization algorithm, to select the relevant features that could be affected directly by different types of phishing attacks. The suggested detection model was tested and evaluated using four benchmark phishing attack datasets, and the Apache Spark-based decision tree algorithm was selected as a detection engine. The conducted experiments have demonstrated that the Spark-based MVO algorithm achieved the highest detection rate for detecting different types of phishing attacks within four phishing attack datasets. Moreover, the suggested detection model was able to reduce effectively the feature space, which could enhance the computational efficiency. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
25. 基于模型堆叠的以太坊钓鱼诈骗账户识别方法.
- Author
-
陈伟利, 叶明顺, 唐明董, and 郑子彬
- Subjects
FRAUD ,BLOCKCHAINS ,FORENSIC accounting ,PHISHING ,CLASSIFICATION algorithms - Abstract
Copyright of Control Theory & Applications / Kongzhi Lilun Yu Yinyong is the property of Editorial Department of Control Theory & Applications and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
- Full Text
- View/download PDF
26. Detection of QR Code-based Cyberattacks using a Lightweight Deep Learning Model.
- Author
-
Sarkhi, Mousa and Mishra, Shailendra
- Subjects
TWO-dimensional bar codes ,MACHINE learning ,CYBERTERRORISM ,PHISHING ,SECURITY systems ,DEEP learning - Abstract
Traditional intrusion detection systems rely on known patterns and irregularities. This study proposes an approach to reinforce security measures on QR codes used for marketing and identification. The former investigates the use of a lightweight Deep Learning (DL) model to detect cyberattacks embedded in QR codes. A model that classifies QR codes into three categories: normal, phishing, and malware, is proposed. The model achieves high precision and F1 scores for normal and phishing codes (Class 0 and 1), indicating accurate identification. However, the model's recall for malware (Class 2) is lower, suggesting potential missed detections in this category. This stresses the need for further exploration of techniques to improve the detection of malware QR codes. Despite the particular limitation, the overall accuracy of the model remains impressive at 99%, demonstrating its effectiveness in distinguishing normal and phishing codes from potentially malicious ones. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
27. Know their Customers: An Empirical Study of Online Account Enumeration Attacks.
- Author
-
Maceiras, Maël, Salehzadeh Niksirat, Kavous, Bernard, Gaël, Garbinato, Benoit, Cherubini, Mauro, Humbert, Mathias, and Huguenin, Kévin
- Subjects
DATA protection ,PHISHING ,INTERNET users ,FOCUS groups ,CONSUMERS - Abstract
Internet users possess accounts on dozens of online services where they are often identified by one of their e-mail addresses. They often use the same address on multiple services and for communicating with their contacts. In this paper, we investigate attacks that enable an adversary (e.g., company, friend) to determine (stealthily or not) whether an individual, identified by their e-mail address, has an account on certain services (i.e., an account enumeration attack). Such attacks on account privacy have serious implications as information about one's accounts can be used to (1) profile them and (2) improve the effectiveness of phishing. We take a multifaceted approach and study these attacks through a combination of experiments (63 services), surveys (318 respondents), and focus groups (13 participants). We demonstrate the high vulnerability of popular services (93.7%) and the concerns of users about their account privacy, as well as their increased susceptibility to phishing e-mails that impersonate services on which they have an account. We also provide findings on the challenges in implementing countermeasures for service providers and on users' ideas for enhancing their account privacy. Finally, our interaction with national data protection authorities led to the inclusion of recommendations in their developers' guide. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
28. X-squatter: AI Multilingual Generation of Cross-Language Sound-squatting.
- Author
-
Valentim, Rodolfo Vieira, Drago, Idilio, Mellia, Marco, and Cerutti, Federico
- Subjects
ARTIFICIAL intelligence ,SMART speakers ,ASSET protection ,TRANSFORMER models ,PHISHING - Abstract
Sound-squatting is a squatting technique that exploits similarities in word pronunciation to trick users into accessing malicious resources. It is an understudied threat that has gained traction with the popularity of smart speakers and audio-only content, such as podcasts. The picture gets even more complex when multiple languages are involved. We here introduce X-squatter, a multi- and cross-language AI-based system that relies on a Transformer Neural Network for generating high-quality sound-squatting candidates. We illustrate the use of X-squatter by searching for domain name squatting abuse across hundreds of millions of issued TLS certificates, alongside other squatting types. Key findings unveil that approximately 15% of generated sound-squatting candidates have associated TLS certificates, well above the prevalence of other squatting types (7%). Furthermore, we employ X-squatter to assess the potential for abuse in PyPI packages, revealing the existence of hundreds of candidates within a 3-year package history. Notably, our results suggest that the current platform checks cannot handle sound-squatting attacks, calling for better countermeasures. We believe X-squatter uncovers the usage of multilingual sound-squatting phenomena on the Internet and it is a crucial asset for proactive protection against the threat. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
29. How do technology use patterns influence phishing susceptibility? A two-wave study of the role of reformulated locus of control.
- Author
-
Ayaburi, Emmanuel W. and Andoh-Baidoo, Francis Kofi
- Abstract
Phishing attacks continue to be a concern for academia and practice. Practitioners ranked phishing attacks second to data breaches in a recent industry survey. For scholars, interest in understanding the factors that influence phishing susceptibility, defined as user vulnerability to phishing attacks, continues to grow. While prior research has identified either state (situational cues) or trait (technology use) factors that influence users' response to phishing attacks, little previous research has investigated simultaneously user control of both state and trait factors on susceptibility to phishing. Additionally, the influence of users' automatic or routine technology use, user traits, on phishing susceptibility has not been examined. We investigate the effects of users' control of both state and trait factors on phishing susceptibility. Our results offer several interesting insights. Specifically, while routine technology use trait decreases phishing susceptibility, automatic technology use trait increases phishing susceptibility. Furthermore, while situational cues are related to phishing susceptibility, only users' automatic technology use is related to susceptibility to phishing under message sender situational cues. Our findings provide practical insights for developing countermeasures that incorporate the level of control into training programs that target trainees with customised training aimed at preventing successful phishing attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
30. A machine learning model for predicting phishing websites.
- Author
-
Boussi, Grace Odette, Gupta, Himanshu, and Hossain, Syed Akhter
- Subjects
MACHINE learning ,RANDOM forest algorithms ,GEOGRAPHIC boundaries ,PHISHING ,COMPUTER crimes ,PHISHING prevention - Abstract
There are various types of cybercrime, and hackers often target specific ones for different reasons, such as financial gain, recognition, or even revenge. Cybercrimes are not restricted by geographical boundaries and can occur globally. The prevalence of specific types of cybercrime can vary from country to country, influenced by factors such as economic conditions, internet usage levels, and overall development. Phishing is a common cybercrime in the financial sector across different countries, with variations in techniques between developed and developing nations. However, the impact, often leading to financial losses, remains consistent. In our analysis, we utilized a dataset featuring 48 attributes from 5,000 phishing webpages and 5,000 legitimate webpages to predict the phishing status of websites. This approach achieved an impressive 98% accuracy. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
31. Russian business in the context of the growth of cybercrime: changes in economic behavior and protective mechanisms
- Author
-
S. G. Simonov and I. V. Lysenko
- Subjects
cybercrime ,phishing ,spoofing ,hacker attack ,information security ,cyber threats and vulnerabilities ,small and medium-sized businesses ,History (General) and history of Europe ,Economics as a science ,HB71-74 ,Newspapers ,AN - Abstract
The article is devoted to the identification and analysis of new vectors of cybercrime development, their localization and prevention. The analysis of secondary data, questionnaires, and expert assessment are used as research methods for this problem. The statistics of cybercrime in foreign countries and Russia in recent years have been analyzed. It is found out how the domestic business has changed its attitude to the security of information and information systems of the company. The sectoral landscape of cybercrimes in the Russian Federation for 2023 is presented. New vectors of phishing development are considered in detail and the main resources forged by hackers during phishing attacks are identified. Special attention is paid to phishing by the method of distribution, which today poses the greatest danger to Russian companies. Spoofing has been studied as a new type of cyberattack, where masquerading as a legal object (computer, device or network) is used by hackers as a means of penetrating other computer networks. The characteristics of modern types of spoofing and the negative consequences for business that they lead to are given. The measures taken at the state level to counter new vectors of cybercrime development are indicated. The conclusion is substantiated that state support and information protection measures themselves eliminate the consequences rather than the causes of high cybercrime, which is why the security problem cannot be solved without the participation of domestic business and the population of the country. The consolidated participation of Russian business in the fight against cybercrime is noted, which found its concrete embodiment in the creation of the F.C.C.T. joint-stock company. The key areas of activity of this company in the information technology market and the results of its work in 2023 are highlighted. Attention is focused on the fact that the creation of a joint-stock company F.C.C.T. in the country does not fully solve the problem of ensuring information security, which primarily concerns small and medium-sized business structures. It is stated that many of them, especially in the Russian regions, are not ready to purchase information security services not only financially, but also organizationally. Due to the low demand of entrepreneurs for vulnerability search services in the company’s software, web applications and IT infrastructure, it is proposed to build a typical SOC that meets the most minimal standards for combating cybercrime. An algorithm has been developed to achieve them in the form of step-by-step implementation of simple organizational and methodological recommendations for the prevention of cybercrimes and minimizing their consequences for small and medium-sized businesses.
- Published
- 2024
- Full Text
- View/download PDF
32. Adaptive hybrid learning for advanced phishing detection.
- Author
-
Hadi, Mohannad Hossain and Al-Saedi, Karim Hashim
- Subjects
- *
CYBERTERRORISM , *PHISHING , *BLENDED learning , *K-means clustering , *RANDOM forest algorithms - Abstract
Cybersecurity, particularly phishing detection, is an evolving field requiring dynamic and adaptive solutions. This study explored the efficacy of integrating supervised and unsupervised learning methods to enhance phishing website detection. The study initially employed a Random Forest classifier, a supervised learning model, demonstrating high accuracy in differentiating between legitimate and phishing websites, which achieved an accuracy of 98.00%, with precision and recall rates of 98.21% and 98.19%, respectively, for legitimate websites and 98.20% and 97.80%, respectively, for phishing websites. To further refine this approach, unsupervised learning techniques, specifically K-Means clustering and Isolation Forest anomaly detection, were integrated. The integrated model showed a nuanced shift in performance, where the precision rates changed to 97.84% for legitimate sites and 98.15% for phishing sites, whereas the recall rates were adjusted to 98.12% for legitimate sites and 97.48% for phishing sites, leading to an overall accuracy of 97.79%. This integration aims to uncover subtle and complex patterns that are indicative of sophisticated phishing activities that a purely supervised model may overlook. Although the integrated model shows a slight decrease in traditional performance metrics, such as accuracy and precision, it offers increased sensitivity to diverse and evolving phishing threats. A slight reduction in accuracy was considered in the context of the model's enhanced capability to detect anomalies and adapt to new patterns, which are crucial for countering modern cyber threats. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
33. Enhanced accuracy performance in detecting phishing website based on neuro fuzzy scheme comparison with support vector machine algorithm.
- Author
-
Saideep, T. and Priyadarsini, P. S. Uma
- Subjects
- *
INTERNET content , *FUZZY algorithms , *FUZZY systems , *PHISHING , *CYBERTERRORISM - Abstract
This study primarily employs a support vector machine strategy and a novel neuro fuzzy scheme to address the issue of cyberattacks on online content. After using the proposed approaches, we get an 80% G-power after estimating 10 samples for each group. When comparing the two algorithms, it is remarkable to see that the Support Vector Machine Algorithm outperforms the neuro fuzzy algorithm by an incredible 85 percent when it comes to identifying phishing websites. In SPSS's view, the two datasets couldn't be more different. The data indicates that a significance level of 0.001 (p<0.05) is necessary. In this study, the Support Vector Machine Algorithm outperformed neuro fuzzy systems in predicting retinopathy. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
34. An efficient detection of phishing sites in cloud computing using enhanced convolution neural network compared over linear regression with improved accuracy.
- Author
-
Kishore, S., Kumar, A., and Narendran, R.
- Subjects
- *
CONVOLUTIONAL neural networks , *PHISHING , *WEBSITES , *CLOUD computing , *INTERNET users - Abstract
The research aims to enhance the accuracy of phishing site detection in a cloud setting by employing innovative convolutional neural networks over traditional linear regression. The study involved comparing the performance of Novel Convolution Neural Network and Linear Regression algorithms using a sample size of 10, determined through a sample size calculation with a G-power of 0.8, alpha of 0.05, beta of 0.2, and a confidence interval of 95.52%. The Web page Phishing Detection Dataset, comprising 11,430 entries, was employed to identify phishing attacks, a prevalent method for acquiring confidential information from internet users. The findings revealed that the Novel Convolution Neural Network (95.52%) outperformed the Linear Regression (92.14%) algorithm significantly in detecting phishing sites. The Independent sample T-test exhibited a p-value of 0.003, below the significance level of 0.05, indicating a statistically significant difference between the study groups. In the context of cloud-based phishing site detection, Novel Convolution Neural Networks demonstrate superior accuracy compared to Linear Regression. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
35. A study and survey of chrome extension to detect phishing websites.
- Author
-
Machap, Kamalakannan, Murakami, Rin, and Rahman, Nor Azlina Abdul
- Subjects
- *
MACHINE learning , *INTERNET privacy , *PHISHING , *RANDOM forest algorithms , *SELF-efficacy - Abstract
This paper is focusing on the development of a efficient Chrome extension designed to detect phishing websites. Phishing attacks continue to pose a significant threat to online users, compromising their sensitive information and causing financial losses. The proposed extension utilizes random forest machine learning algorithm to analyze website URL, enabling the identification and alerting of potential phishing attempts. By integrating with the user's browsing experience, the extension provides a proactive defense mechanism, empowering users to make informed decisions and stay protected from phishing attacks. The research work effectiveness is evaluated through extensive testing. Overall, this research contributes to enhancing user security and privacy in the online ecosystem, with implications for both individual users and organizations concerned with cybersecurity. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
36. Email spam detection and filtering using machine learning.
- Author
-
Asha, P., Siddhartha, Katakam, Manikanta, Kodati Naga Satya Sai, Gopi, Chilukuri, and Mayan, J. Albert
- Subjects
- *
SPAM filtering (Email) , *SPAM email , *MACHINE learning , *RANDOM forest algorithms , *PHISHING - Abstract
Phishing assaults, in which the perpetrator masquerades as a legitimate source in order to obtain confidential material, are now a serious threat due to the rapid growth of online consumers damaging one's credibility, costing one's money, or infecting one's computer with spyware and perhaps other viruses. Due to their capacity to sift through large amounts of data in search of patterns that can be used to make predictions, intelligent approaches like ML & DL were finding growing usage in the realm of cybersecurity. In this study, we explore the efficacy of using such clever methods to identify phishing websites. We utilized two different data sets and picked the most highly linked attributes, which included both content-based and URL-lexical/domain-based characteristics. After that, many ML models were implemented, and their relative efficacy was assessed. The results demonstrated the significance of selecting features in raising the quality of the models. In addition, the findings attempted to determine the most useful factors that affect the model when it comes to recognizing phishing websites. When it came to classifying data, the Random Forest (RF) algorithm performed best across the board. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
37. Detection of Phishing websites using various machine learning techniques.
- Author
-
Eliazer, M., Baalaji, Haree, and Abhilash, Chalamcharla Naga
- Subjects
- *
PHISHING , *FEATURE selection , *WEBSITES , *RANDOM forest algorithms , *MACHINE learning , *PHISHING prevention - Abstract
Phishing is a type of cybercrime when unsuspecting individuals are persuaded to give crucial informationto the phishers through spammed messages and phony websites. This is how confidential information gathered is utilized to access money or take people. This study aims to build a phished channel using several machine learning methods. Classification is a machine learning approach that may be used to identify phishers. It creates and tests models using a number of setting combinations, contrasts different machine learning techniques, assesses the accuracy of a created model, and calculates a range of assessment metrics. In the current study, Nave Bayes (NB) and Random Forest (RF) are two machine learning techniques that are compared for their forecast performance, F1Score, precession, and recall. The approach is also improved by employing feature selection methods, which increases the accuracy in detecting phishing. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
38. Phishing website detection using machine learning algorithms.
- Author
-
Reddy, M. Shivananda, Reddy, K. M. Yogeswar, and Vinod, D.
- Subjects
- *
MACHINE learning , *COMPUTER passwords , *PHISHING , *CLASSIFICATION algorithms , *CREDIT cards , *CONSUMERS - Abstract
The objective of the work is to propose phishing website detection using machine learning. The online shoppers often provide sensitive information such as passwords, usernames, and credit card details, which makes them vulnerable to phishing websites that use such information for malicious purposes. To combat this problem, we have introduced an intelligent, adaptable, and efficient system that leverages machine learning techniques to detect and predict phishing websites. Our system utilizes a classification algorithm and methods for identifying phishing criteria to determine their authenticity. By analysing key features such as URL and domain identity, security, and encryption criteria, our system achieves a high rate of phishing detection. The system can be used by e-commerce businesses to secure their transaction process, and the machine learning algorithm used in our system outperforms conventional classification algorithms, providing online shoppers with a secure and confident shopping experience, our system willuse a machine learning algorithm to detect fraudulent websites. This application can be utilized by various e-commerce enterprises to secure the entire transaction process. Comparing this system's machine learning method to other conventional classification algorithms, it performs better. The user can buy goods without any hesitation online with the aid of this method. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
39. The challenges of cyber space with crime-as-a-service (CAAS) to amateur attackers.
- Author
-
Chandhar, Kothakonda, Kandukuri, Shashikanth, Shiva, Jangalapelli, and Sandeep, Achi
- Subjects
- *
SOCIAL engineering (Fraud) , *PHISHING , *DEBIT cards , *CREDIT cards , *EMAIL security - Abstract
Phishing is a type of attack that is often used to steal user data, including personal login credentials, debit cards, or credit card numbers. For hackers, phishing is an easy way to find and track any person's information or company data. In general, an effective phishing campaign requires a well-prepared cybercriminal with technical expertise and social engineering knowledge. However, with the rise of CaaS (Crime-as a-Service), anyone can become an expert in phishing for a little charge. CaaS vendor offer everything the amateur attacker needs to make their own effective phishing attack, from point-by-point target records to marked email formats. Intruders can even pay amount for access to compromised servers to conceal their tracks all the more without any problem. By eliminating large number of barriers to entry, this type of trend has made it simple to make a compelling phishing attack. And that is a major issue for the associations being targeted. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
40. The Second-Factor Authentication System at CERN.
- Author
-
Ahmad, Adeel, Aguado Corman, Asier, Short, Hannah, Valsan, Liviu, Fava, Maria, Tedesco, Paolo, Lopienski, Sebastian, Lueders, Stefan, and Brillault, Vincent
- Subjects
- *
PHISHING , *ARCHITECTURE , *COMPUTER users , *COMPUTER literacy , *DATA flow computing - Abstract
In 2022, CERN ran its annual simulated phishing campaign in which 2000 users gave away their passwords. In a real phishing incident, this would have meant 2000 compromised accounts, unless they were protected by Two-Factor Authentication (2FA). In the same year, CERN introduced 2FA for accounts with access to critical services. The new login flow requires users to always authenticate with a 2FA token, either with Time-based one-time password (TOTP) or WebAuthn. This introduces a significant security improvement for the individual and for the laboratory. The previous flow enforced 2FA to access a small number of applications. In this paper, we will discuss the rationale behind the 2FA deployment, as well as the technical setup of 2FA in the CERN Single Sign-On system, Keycloak. The paper will give a detailed overview of the architecture for this new 2FA flow and compare how it differs from the legacy 2FA system which was in place since 2019. We share statistics on how users are responding to this change in the login flow, and the actions we have taken to improve the user experience. Finally, we briefly describe our custom extensions to Keycloak for specific use cases, which include adding roles in the user token, overriding the default Keycloak session, and modifying the user login flow. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
41. Integrating the PanDA Workload Management System with the Vera C. Rubin Observatory.
- Author
-
Karavakis, Edward, Guan, Wen, Yang, Zhaoyu, Maeno, Tadashi, Wenaus, Torre, Adelman-McCarthy, Jennifer, Barreiro Megino, Fernando, De, Kaushik, Dubois, Richard, Gower, Michelle, Jenness, Tim, Klimentov, Alexei, Korchuganova, Tatiana, Kowalik, Mikolaj, Lin, FaHui, Nilsson, Paul, Padolski, Sergey, Yang, Wei, and Ye, Shuwei
- Subjects
- *
PHISHING , *ARCHITECTURE , *COMPUTER users , *COMPUTER literacy , *DATA flow computing - Abstract
The Vera C. Rubin Observatory will produce an unprecedented astronomical data set for studies of the deep and dynamic universe. Its Legacy Survey of Space and Time (LSST) will image the entire southern sky every three to four days and produce tens of petabytes of raw image data and associated calibration data over the course of the experiment's run. More than 20 terabytes of data must be stored every night, and annual campaigns to reprocess the entire dataset since the beginning of the survey will be conducted over ten years. The Production and Distributed Analysis (PanDA) system was evaluated by the Rubin Observatory Data Management team and selected to serve the Observatory's needs due to its demonstrated scalability and flexibility over the years, for its Directed Acyclic Graph (DAG) support, its support for multi-site processing, and its highly scalable complex workflows via the intelligent Data Delivery Service (iDDS). PanDA is also being evaluated for prompt processing where data must be processed within 60 seconds after image capture. This paper will briefly describe the Rubin Data Management system and its Data Facilities (DFs). Finally, it will describe in depth the work performed in order to integrate the PanDA system with the Rubin Observatory to be able to run the Rubin Science Pipelines using PanDA. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
42. PHISHING SUSCEPTIBILITY IN CONTEXT: A MULTILEVEL INFORMATION PROCESSING PERSPECTIVE ON DECEPTION DETECTION.
- Author
-
Wright, Ryan T., Johnson, Steven L., and Kitchens, Brent
- Abstract
Despite widespread awareness of risks, significant investments in cybersecurity protection, and substantial economic incentives to avoid security breaches, organizations remain vulnerable to phishing attacks. Phishing research has informed effective practical interventions to address phishing susceptibility that emphasize the importance of broadly applicable IT security knowledge. Yet employees still frequently fall victim to phishing attempts. To help understand why, we conceptualize phishing susceptibility as the failure to differentiate between deceptive and legitimate information processing requests that occur within the context of an employee's typical job responsibilities. We apply this contextual lens to identify characteristics of knowledge workers' organizational task and social context that may enhance or diminish performance in detecting deception in phishing email attempts. To test our hypotheses, we conducted a study in which employees of the finance division of a large university encountered simulated email-based phishing attempts as part of their normal work routine. We found evidence supporting our hypotheses that an individual's susceptibility to phishing attacks is influenced by their position in the knowledge flows of the organization and by the impact of workgroup responsibilities on their cognitive processing. We contend that phishing susceptibility is not merely a matter of IT security knowledge but is also influenced by contextualized, multilevel influences on information processing. As phishing attacks are increasingly targeted to specific organizational settings, it is even more important to incorporate this contextualized information processing view of phishing susceptibility. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
43. False saviour.
- Author
-
Kennedy, Liam
- Subjects
- *
LANGUAGE models , *SOCIAL media , *GENERATIVE artificial intelligence , *POSTAL service , *FLIGHT delays & cancellations (Airlines) , *PHISHING - Abstract
Impersonation scams on social media platforms, particularly on X (formerly known as Twitter), are targeting customers of major companies, including airlines, in order to steal money or personal information. Scammers create fake accounts that closely resemble official company accounts and respond to posts from customers seeking assistance. They then direct users to private messaging services where they can be sent dangerous links or asked to provide sensitive information. The problem has been exacerbated by changes to X's verification system, which has made it harder to distinguish between fake and legitimate accounts. Experts and consumer organizations are calling for stronger regulations and accountability measures to protect users from scams. [Extracted from the article]
- Published
- 2024
44. ВІДПОВІДАЛЬНІСТЬ ОСОБИ ЗА НЕПРАВОМІРНІ ДІЇ В ІНТЕРНЕТІ: ПРАВОВІ ТА ЕТИЧНІ АСПЕКТИ
- Author
-
І. П., Бахновська and О. А., Слободиська
- Subjects
LEGAL norms ,COPYRIGHT infringement ,SOCIAL responsibility ,INFORMATION society ,LEGAL compliance ,PHISHING - Abstract
The article examines the legal and ethical aspects of a person's responsibility related to the use of the Internet as a means of mass information. It is noted that psychotraumatization by war has become an everyday part of modern life, the media space has changed, which can become a powerful stressor and lead to media trauma of the population and a gradual decrease in the level of its psychological stability. In order to counteract dangerous influences on the Internet, the socialization of the population must be transformed, ensuring stress resistance and mental health of citizens through increasing legal and media literacy. It is noted that a modern person is not only a consumer of content, but also its author, that is, he can freely collect, store, use and distribute information orally, in writing or in another way - as he chooses. However, such information must be disseminated in compliance with the legal norms regarding its authenticity and must not tarnish the honor, dignity and business reputation of other persons, their mental health, i.e. everyone must be aware of their social responsibility for publicizing sensitive information for society. The article describes various types of offenses, such as: cybercrime, phishing, inciting enmity, spreading false information, insult and defamation, copyright infringement, breach of privacy, misuse of Internet resources, spam and unsolicited messages. The features of civil, administrative and criminal liability for the listed offenses are characterized. Also, the article states that persons who distribute illegal content may be held liable. Web resources and their officials can be held responsible only if they ignored the demands of the rights holders to stop copyright infringement or ignored content that is illegal in itself. The article demonstrates that every user must be aware that his actions can have real consequences for himself and other people. It is noted that it is important to adhere to ethical standards, including respect for the privacy of others, credibility and responsibility for the information that is published. Compliance with legal norms and ethical principles is the basis of safe and responsible use of the Internet. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
45. Situational Contingencies in Susceptibility of Social Media to Phishing: A Temptation and Restraint Model.
- Author
-
Qahri-Saremi, Hamed and Turel, Ofir
- Subjects
PHISHING ,SOCIAL media ,INFORMATION technology security ,SLEEP quality ,TEMPTATION ,OPERANT behavior - Abstract
User susceptibility to phishing messages on social media is a growing information security concern. Contingency factors that can influence this susceptibility and the theoretical mechanisms through which they operate need more scholarly attention. To bridge this gap, we present a temptation and restraint (TR) model (a specific manifestation of the dual–system theory) of social media phishing susceptibility, which explains it as an outcome of a struggle between users' temptation toward engaging with a social media phishing message and their cognitive and behavioral restraint against it. The balance in this struggle is a function of various situational contingencies. First, via a Delphi study, we identify four key situational contingency factors in the context of social media that can influence this balance: (1) poor sleep quality, (2) social media ostracism, (3) source likability, and (4) fear appeals. Next, via five randomized controlled experiments using an ostensible social media paradigm with social media users, we show that the TR model explains (a) why and how users engage with social media phishing messages, and (b) when users are more or less susceptible to it based on key situational contingency factors. Our findings offer a nuanced perspective on social media phishing susceptibility, elucidate the fundamental roles of situational contingencies in the genesis of social media phishing victimization, and delineate important directions for future research in this area [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
46. Carrier Global takes collaborative approach to cybersecurity
- Subjects
Data security ,Phishing ,Work environment ,Internet -- Safety and security measures ,Identity theft ,Cyberterrorism ,Security systems ,Internet security ,Data security issue ,Computers - Abstract
For enterprises that do business worldwide, cybersecurity can be a complex undertaking, as risks such as phishing attacks by threat actors continuously evolve across the globe to bypass traditional defenses [...]
- Published
- 2024
47. SAP SE revamps application security scanning using simulation and automation
- Subjects
SAP SE ,Computer software industry ,Internet software ,Phishing ,Web applications ,Security management ,Computers - Abstract
As a result, SAP is always evolving its security measures to stay ahead of cyber threats. The company recently launched a dynamic application security scanning system to detect vulnerabilities that [...]
- Published
- 2024
48. 12 dark web monitoring tools
- Subjects
Phishing ,Identity theft ,Web site management software ,Web site management software ,Computers - Abstract
What is dark web monitoring? Dark web monitoring is a service often offered by cybersecurity vendors that scans the dark web for information pertaining to an organization. These software scan [...]
- Published
- 2024
49. ‘Unusual’ Voldemort cyberespionage attack impersonates tax authorities
- Subjects
Phishing ,Spyware ,Identity theft ,Computers - Abstract
Researchers have identified an attack that impersonates tax authorities from several countries to compromise organizations and deploy a custom backdoor program dubbed Voldemort. While the campaign uses tactics seen in [...]
- Published
- 2024
50. The Role of AI in Email Security: Beyond Phishing Detection
- Subjects
Electronic mail systems ,Phishing ,Spyware ,Identity theft ,E-mail ,Computers - Abstract
Artificial Intelligence (AI) has long been recognized for its role in detecting phishing attempts, but its capabilities extend far beyond that. With the rise of sophisticated cyber threats, AI has [...]
- Published
- 2024
Catalog
Discovery Service for Jio Institute Digital Library
For full access to our library's resources, please sign in.