1
Social Phishing presented by: Lingzi Hong
2
Research Question
Question: How easily and effectively can a phisher exploit social network data found on the Internet to increase the yield of a phishing attack?
Answer: Four times as likely to become victims!
3
Related Work
technical vulnerabilities: spear phishing or context aware phishing gain trust by history, preferences information personal information from public databases, websites, public records, etc.
social vulnerabilities:
4. Emigh, A. Online identity theft: Phishing technology, chokepoints and countermeasures. ITTC Report on Online Identity Theft Technology and Countermeasures (Oct. 2005); dhs-report.pdf.
11. Jakobsson, M. and Myers, S. Phishing and Counter-Measures. John Wiley and Sons, 2006.
5
Experiment Procedure
Data: crawl, parse, cross-correlating with IU's address book database
Subject: IU students aged 18 to 24 sampled to represent typical phishing victims
experiment protocols
6
A: overall situation: first 12 hours, 70% successful authentication - rapid takedown
B: number of times authenticated or refreshed their credentials
7
Experiment Results
control experiment
gender effect
8
Experiment Results
age effect and major effect
9
comments and feedback about the experiment
440 posts, majority are supportive
30 complaints, 1.7% of the participants
insights: ethical aspects of the study, better understanding of phishing victims, vulnerabilities and feelings following the attack.
10
comments and feedback about the experiment
Anger: phishing not only has the potential monetary costs associated with identity theft, but also a significant psychological cost to victims.
Denial: difficult to admit vulnerability, as a consequence many phishing attacks may go unreported. Success rate underestimated.
Misunderstanding of .
underestimation of dangers of publicly posted personal information
11
Discussion
ethical ways to conduct experiments on social engineering attacks, help to design effective countermeasures.
solutions:
1. digitally signed
2. browser toolbar which alerts users of likely web spoofing attempts.
3. need for extensive educational campaigns about phishing and other security threats.
12
Questions
Only requires University access, different from real phishing, students may not be alert to privacy release.
Success rates for both the control group and the social group are very high.
Other than age, gender, major, try to find other relations, e.g. number of friends in social network, online activity, level of information literacy and vulnerability to phishing attack.