Presentation is loading. Please wait.

Presentation is loading. Please wait.

Human Factors in Security Phishing, Scam, Leaked Credentials

Published byMoses Peters Modified over 6 years ago

Similar presentations

Presentation on theme: "Human Factors in Security Phishing, Scam, Leaked Credentials"— Presentation transcript:

1 Human Factors in Security Phishing, Scam, Leaked Credentials
Phishing and spoofing Why spoofing is still possible? How could spoofing/phishing s penetrate the current defense? How to build robust and usable phishing detection and alert systems Measurement + User study Poor defense: SPF/DKIM/DMARC, 4%~48% adoption rate Spoofing indicators are largely missing Mobile phishing is even more serious Gmail

2 Human Factors in Security (Cont.) Phishing, Scam, Leaked Credentials
Understanding the persistent threat from leaked credentials How often do users reuse or modify passwords across services? How quickly do users change the reused (leaked) passwords? Are modified passwords predicable? Empirical approach instead of user studies Data-driven: 28M users, 62M passwords, 107 services 52% of users reused or modified passwords across services and shopping passwords mostly reused Guessing algorithm: 16 Million passwords cracked in < 10 guesses

3 Adversarial Machine Learning in the physical domain
Stop Sign Fool a machine learning system is relatively easy Most work focuses on the “digital domain” Machine learning cannot (does not) reason like human New challenges in the physical domain Various sources of errors make the attack more difficult View angle, distance, quantization, resolution Attacks require training data from the physical world, expensive Can we model the differences between digital and physical world? How to defend against adversarial attacks? Yield Sign + =

4 Other Projects GPS spoofing to attack mobile navigation systems (self-driving car) In preparation Crowdsourcing social media data to detect security events CIKM 2017 Mobile deep links to hijack web-to-mobile communications USENIX Security 2017 Detecting collusion between mobile apps Asia CCS 2017, MoST 2017 The social aspects of mobile payments ICWMS 2017, GROUP 2018

Download ppt "Human Factors in Security Phishing, Scam, Leaked Credentials"

Similar presentations

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

INTRODUCTION Coined in 1996 by computer hackers. Hackers use to fish the internet hoping to hook users into supplying them the logins, passwords.
Web Spoofing John D. Cook Andrew Linn. Web huh? Spoof: A hoax, trick, or deception Spoof: A hoax, trick, or deception Discussed among academics in the.

Web Spoofing John D. Cook Andrew Linn. Web huh? Spoof: A hoax, trick, or deception Spoof: A hoax, trick, or deception Discussed among academics in the.
ISEC0511 Programming for Information System Security

ISEC0511 Programming for Information System Security
WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed.

WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed.
KAIST Web Wallet: Preventing Phishing Attacks by Revealing User Intentions Min Wu, Robert C. Miller and Greg Little Symposium On Usable Privacy and Security.

KAIST Web Wallet: Preventing Phishing Attacks by Revealing User Intentions Min Wu, Robert C. Miller and Greg Little Symposium On Usable Privacy and Security.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Phishing: Trends and Countermeasures Blaine Wilson.

Phishing: Trends and Countermeasures Blaine Wilson.
The spoofed email. The spoofing The link appears as www.noodlebank.comwww.noodlebank.com (i.e NOODLEBANK.com) But actually it links to www.nood1ebank.comwww.nood1ebank.com.

The spoofed . The spoofing The link appears as (i.e NOODLEBANK.com) But actually it links to
Awicaksi E-Commerce Security & Payment System E-Commerce.

Awicaksi E-Commerce Security & Payment System E-Commerce.
Attack and Malicious Code Andrew Anaruk. Security Threats Denial of Service (DoS) Attacks Spoofing Social Engineering Attacks on Encrypted Data Software.

Attack and Malicious Code Andrew Anaruk. Security Threats Denial of Service (DoS) Attacks Spoofing Social Engineering Attacks on Encrypted Data Software.
Leveraging e-Delivery to Maximize e-Payments Jeff McKenzie - Vice President, Integrated Solutions Neopost USA.

Leveraging e-Delivery to Maximize e-Payments Jeff McKenzie - Vice President, Integrated Solutions Neopost USA.
A Quick Insight Paper about phishing attacks based on usability study Users required to classify websites as fraudulent/legitimate using security tools.

A Quick Insight Paper about phishing attacks based on usability study Users required to classify websites as fraudulent/legitimate using security tools.
Free, online, technical courses Take a free online course. Microsoft Virtual Academy.

Free, online, technical courses Take a free online course. Microsoft Virtual Academy.
Security Analytics Thrust Anthony D. Joseph (UCB) Rachel Greenstadt (Drexel), Ling Huang (Intel), Dawn Song (UCB), Doug Tygar (UCB)

Security Analytics Thrust Anthony D. Joseph (UCB) Rachel Greenstadt (Drexel), Ling Huang (Intel), Dawn Song (UCB), Doug Tygar (UCB)
Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.

Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.
C AMPUS A PP S TORE By: Tuan Bui. Puzzle Campus services are scattered across many web pages that are difficult to find and navigate (especially on mobile.

C AMPUS A PP S TORE By: Tuan Bui. Puzzle Campus services are scattered across many web pages that are difficult to find and navigate (especially on mobile.
Cybersecurity Test Review Introduction to Digital Technology.

Cybersecurity Test Review Introduction to Digital Technology.
Human Factors in Cyber Security: A Review for Research & Education P. Vigneswara Ilavarasan, PhD 1.

Human Factors in Cyber Security: A Review for Research & Education P. Vigneswara Ilavarasan, PhD 1.
PRESENTED BY Raju. What is information security?  Information security is the process of protecting information. It protects its availability, privacy.

PRESENTED BY Raju. What is information security?  Information security is the process of protecting information. It protects its availability, privacy.

Similar presentations

Ads by Google