Presentation is loading. Please wait.

Presentation is loading. Please wait.

Markus Jakobsson School of Informatics Indiana University Bloomington, IN 47406, USA Jacob Ratkiewicz Dept. of Computer Science Indiana University Bloomington,

Published byClaude Gardner Modified over 9 years ago

Similar presentations

Presentation on theme: "Markus Jakobsson School of Informatics Indiana University Bloomington, IN 47406, USA Jacob Ratkiewicz Dept. of Computer Science Indiana University Bloomington,"— Presentation transcript:

1 Markus Jakobsson School of Informatics Indiana University Bloomington, IN 47406, USA Jacob Ratkiewicz Dept. of Computer Science Indiana University Bloomington, IN 47406, USA Designing Ethical Phishing Experiments: A study of (ROT13) rOnl query features

2 Introduction Phishing Ethical & Accurate Experiment V.S. Attack status

3 Previous work Gartner Group 2004 servey $2.4 billion per year in the US alone Around 5% adult American Internet users are successfully targeted by phishing attacks each year Lower bound

4 Previous work Mailfrontier March ’05 (report) identified phishing emails correctly 83% of the time identified legitimate emails 52% of the time. Their conclusion Our believe

5 Techniques Monitoring of ongoing attacks Administrators Lower estimate Real Experiment Ethical & accurate

6 USER-TO-USER PHISHING ON RONL rOnl User-to-User Communication Third Party

7 USER-TO-USER PHISHING ON RONL Abusing User-to-User Communication Content injection attack Spoofing attack ContextAware Attacks

8 Content injection attack

9 Spoofing attack

10 ContextAware Attacks Purchase History Username / Email Correspondence

11 RONL PHISHING SCENARIOS Attack 1: Context-aware spoofing attack Attack 2: Contextless spoofing attack

12 Experimenting with Spoofing Experiment 1: context & Non-malicious link Experiment 2: No context & Non-malicious link

13 Experimenting with Spoofing

14 Experimenting with a Malicious Link Experiment 3: Context & Malicious link Experiment 4: No Context & Malicious link

15 Experimenting with a Malicious Link

16 Experiment Design Analysis

17 METHODOLOGY Identity Linkage 93 rOnl users (through the rOnl interface). 44 of the 93 users (47%) Automated Google searches with several queries limited to cgi.ronl.com(237)

18 Experimental Email Multi Accounts & Days Questions 1. Hi! How soon after payment do you ship? Thanks! 2. Hi, can you ship packages with insurance for an extra fee? Thanks. 3. HI CAN YOU DO OVERNIGHT SHIPPING?? 4. Hi - could I still get delivery before Christmas to a US address? Thanks!! (sent a few weeks before Christmas ’05).

19 Results

20 Questions

Download ppt "Markus Jakobsson School of Informatics Indiana University Bloomington, IN 47406, USA Jacob Ratkiewicz Dept. of Computer Science Indiana University Bloomington,"

Similar presentations

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
Alert Driven Process Integration and Exception Handing: A Case Study on Audit Confirmation with Web Service Mandy Y.S. Tong Dept. of Computer Science,

Alert Driven Process Integration and Exception Handing: A Case Study on Audit Confirmation with Web Service Mandy Y.S. Tong Dept. of Computer Science,
Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.

Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.
Breaking Trust On The Internet

Breaking Trust On The Internet
Jason Rich CIS - 158 1.  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.

Jason Rich CIS  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.
By Ashlee Parton, Kimmy McCoy, & Labdhi Shah

By Ashlee Parton, Kimmy McCoy, & Labdhi Shah
Users Are Not Dependable How to make security indicators that protect them better Min Wu, Simson Garfinkel, Robert Miller MIT Computer Science and Artificial.

Users Are Not Dependable How to make security indicators that protect them better Min Wu, Simson Garfinkel, Robert Miller MIT Computer Science and Artificial.
Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.

Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.
Social Phishing Tom N. Jagatic Nathaniel A. Johnson Markus Jakobsson Filippo Menczer Presenter: Ieng-Fat Lam Date: 2007/4/1.

Social Phishing Tom N. Jagatic Nathaniel A. Johnson Markus Jakobsson Filippo Menczer Presenter: Ieng-Fat Lam Date: 2007/4/1.
Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.

Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.
Chapter 9: Configuring Internet Explorer. Internet Explorer Usability Features Reorganized user interface Instant Search box RSS support Tabbed browsing.

Chapter 9: Configuring Internet Explorer. Internet Explorer Usability Features Reorganized user interface Instant Search box RSS support Tabbed browsing.
Extending Instant Messaging to Provide Pervasive Personal Communication Wei Li, Fredrik Kilander and Carl Gustaf Jansson {liwei, fk, Department.

Extending Instant Messaging to Provide Pervasive Personal Communication Wei Li, Fredrik Kilander and Carl Gustaf Jansson {liwei, fk, Department.
Application Process USAJOBS – Application Manager USA STAFFING ® —OPM’S AUTOMATED HIRING TOOL FOR FEDERAL AGENCIES.

Application Process USAJOBS – Application Manager USA STAFFING ® —OPM’S AUTOMATED HIRING TOOL FOR FEDERAL AGENCIES.
Google Docs & Sun City HH Computer Club Website WWW.suncitycc.org.

Google Docs & Sun City HH Computer Club Website
Social networking FACEBOOK AND TWITTER. Then In the beginning of Facebook, there were very few features. There were no status updates, messages, photo.

Social networking FACEBOOK AND TWITTER. Then In the beginning of Facebook, there were very few features. There were no status updates, messages, photo.
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
The Study of Security and Privacy in Mobile Applications Name: Liang Wei

The Study of Security and Privacy in Mobile Applications Name: Liang Wei
Security Framework For Cloud Computing -Sharath Reddy Gajjala.

Security Framework For Cloud Computing -Sharath Reddy Gajjala.
May 2014 Zimele Technologies Customer convenience through mobile MDMS applications.

May 2014 Zimele Technologies Customer convenience through mobile MDMS applications.
First Community Bank www.fcbnm.com Prevx Safe Online Rollout & Best Practice Presentation.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.

Similar presentations

Ads by Google