Social Phishing - PowerPoint PPT Presentation

1 / 21

About This Presentation

Title:

Social Phishing

Description:

Facebook. Orkut. LinkedIn. Identified 'Circles of friends' ... Their email account is hacked. Overestimate the security and privacy of email ... – PowerPoint PPT presentation

Number of Views:422

Avg rating:3.0/5.0

Slides: 22

Provided by: kin85

Category:

more less

Transcript and Presenter's Notes

Title: Social Phishing

1
Social Phishing

Tom N. Jagatic
Nathaniel A. Johnson
Markus Jakobsson
Filippo Menczer
Presenter Ieng-Fat Lam
Date 2007/4/1

2
Paper to present

Jagatic, T.N. and Johnson, N.A. and Jakobsson, M.
and Menczer, F. Social Phishing, Communications
of the ACM, V0l. 50, No. 10, pp. 94100, ACM
Press New York, NY, USA , 2007
Tom N. Jagatic
Massachusetts Institute of Technology
Nathaniel A. Johnson
Indiana University, Bloomington
Markus Jakobsson
Indiana University, Bloomington
Filippo Menczer
Indiana University, Bloomington

2
3
Outline

Motivation
Method
Experiment
Results
Conclusion

3
4
Motivation

Phishing case are growing
19 clicked on link to phishing site
3 admitted provided financial information
Phishers are getting smarter
Notifying the victim of a Security Threat
And ask for personal information to solve the
problem
Spear phishing and context-aware phishing
Gain trust of victim by showing
bidding history
shopping preference
Inferred browse history and mothers maiden name

4
5
Motivation (cont.)

Growing number of social networking sites
Myspace
Facebook
Orkut
LinkedIn
Identified Circles of friends
Allow a phisher to harvest large amounts of
reliable social network information

5
6
Motivation (cont.)

Phishing Attacks take advantage of
Both technical and social vulnerabilities
We discuss
How phishing attacks can be honed By means of
publicity available personal information from
social networks ?
The question we ask is
How easily and effectively can a phisher exploit
social network found on the Internet to increase
the yield of a phishing attack ?

6
7
Motivation (cont.)

The answer is
Very easily and very effectively
Internet users
May be over four times as likely to become a
victim
If they are solicited by someone appearing to be
a known acquaintance

7
8
Method

Harvested freely available acquaintance data
Crawl social networking sites
Using Perl LWP library (libwww-perl)
Focused on a subset of targets
Affiliated with Indiana University (IU)
Cross-correlating the data with IUs address book
DB
Launch an actual (but harmless) phishing attack
Targeting IU students aged 18 to 24 years old
Sampled to represent typical phishing victims
To quantify, in an ethical manner
How reliable social context would increase the
success of phishing attack

8
9
Method (cont.)
9
Figure1 Illustration of phishing experiment
10
Method (cont.)

Phishing experiment
Blogging, social network, and other public data
is harvested
Data is correlated and stored in a relational
database
Heuristics are used to craft spoofed email
message by Eve as Alice to Bob (a friend)
Message is sent to Bob
Bob follows the link contained within the email
message and is sent to an unchecked redirect
Bob is sent to attacker whuffo.com site
Bob is prompted for his University credentials
Bobs credentials are verified with the
University authenticator
a. Bob is successfully phishedb. Bob is not
phished in this session he could try again.

10
11
Method (cont.)

Social Network Group
Spoofed email between two friends, Alice and Bob
Bob was redirected to a phishing site with domain
name distinct from IU
The site prompt Bob to enter university
credentials.
Control Group
Subjects received same message
From unknown fictitious (??) person with
university email

11
12
Result

Relatively high success in control group (16)
Subtle (??) context, senders email address,
hyperlink showed
Social network group is much higher (72)
Consistent with grade report experiment
(Ferguson, 2005)
80 cadet were deceived by link of grade report

Table1 Results of the social network phishing
attack and control experiment. From t-test, the
difference is very significant (p lt 10-25)
12
13
Result (cont.)

Phisher sites access log
70 of successful authentication occurred in
first 12 hours
Supports the importance of rapid takedown
Some user visited the site over 80 times
Social context of the attack leads peoples to
overlook important rules

13
14
Result (cont.)

Figure2
Unique visits and authentications per hour.
Distributions of repeat authentications and
refreshes of authenticated users.(victims who
successfully authenticated were shown a fake
message indicating the server was overloaded and
asking them to try again later.)

14
15
Result (cont.)

Gender of the subjects who fell victim
Females were more likely to become victims
The attack is more successful if spoof message
sent by opposite gender

Table2 Gender effects. The harvest profiles of
potential subjects identified a male/female ratio
close to that of the general student population
(18,294 males and 19,527 females) X2 test gender
of the sender did not have significant effect on
success rate (p 0.3), gender of receiver was
significant ( p lt0.005), combination of
sender-receiver genders also significant (p lt
0.004)
15
16
Result (cont.)

Demographics
Younger targets being slightly more vulnerable
Students in science major seemed to be the least
vulnerable group
Subjects and participants
Are invited to project web site and blog
30 complains (1.7)

16
17
Result (cont.)

Figure3
Success rate of phishing attack by target
class.t-test Difference in success rates are
significant for all classes (p lt 0.01)
Success rate of phishing attack by target
major.t-test Difference in success rates are
significant for all majors (p lt 0.02)

17
18
Result (cont.)