PhishEye: Live monitoring of sandboxed phishing kits

Han, Xiao; Kheir, Nizar; Balzarotti, Davide
CCS 2016, 23rd ACM conference on Computer and communications security, October 24-28, 2016, Vienna, Austria

ACM Europe Student Best Paper Award

Phishing is a form of online identity theft that deceives unaware users into disclosing their confidential information. While significant effort has been devoted to the mitigation of phishing attacks, much less is known about the entire life-cycle of these attacks in the wild, which constitutes, however, a main step toward devising comprehensive anti-phishing techniques. In this paper, we present a novel approach to sandbox live phishing kits that completely protects the privacy of victims. By using this technique, we perform a comprehensive real-world assessment of phishing attacks, their mechanisms, and the behavior of the criminals, their victims, and the security community involved in the process -- based on data collected over a period of five months.

Our infrastructure allowed us to draw the first comprehensive picture of a phishing attack, from the time in which the attacker installs and tests the phishing pages on a compromised host, until the last interaction with real victims and with security researchers. Our study presents accurate measurements of the duration and effectiveness of this popular threat, and discusses many new and interesting aspects we observed by monitoring hundreds of phishing campaigns.


DOI
Type:
Conference
City:
Vienna
Date:
2016-10-24
Department:
Digital Security
Eurecom Ref:
4991
Copyright:
© ACM, 2016. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCS 2016, 23rd ACM conference on Computer and communications security, October 24-28, 2016, Vienna, Austria http://dx.doi.org/http://dx.doi.org/10.1145/2976749.2978330

PERMALINK : https://www.eurecom.fr/publication/4991