Assessment of homographic behaviors in targeted phishing attacks that exploit susceptibility through reliability and seasonality

  • Lucas C. Teixeira UPE
  • Carlo M. R. da Silva UPE
  • Bruno J. T. Fernandes UPE
  • João Fausto Lorenzato de Oliveira UPE
  • Eduardo L. Feitosa UFAM
  • Gerson D. de C. Filho Tempest Security Intelligence
  • Henrique F. Arcoverde Tempest Security Intelligence
  • Vinicius C. Garcia UFPE

Abstract


Phishing attacks are advancing not only in how widely they propagate but also in their attention to detail, which makes the fraud increasingly convincing to the end user. Given this scenario, this study examines the homographic behaviors commonly present in phishing attacks associated with a specific target brand, whether in the URL or in the page content. Applying 16 triggering questions revealed genuine terms being used maliciously in approximately 79% of the pages. Homographic terms were also identified in just over 20% of the URLs. In addition, a predilection for placing terms in the URL was revealed.

Keywords: phishing, homographic behavior, trustworthiness, seasonality
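
To make the abstract's distinction concrete, the following added example (not the authors' code, and not a reproduction of the paper's 16 triggering questions) separates a genuine brand term on a non-brand host from a homographic variant of it. The brand `examplebank`, its official domain, the sample URLs and the small look-alike map are all constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately tiny look-alike map (assumption): a real detector
# would load the full Unicode confusables data instead.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",  # Cyrillic er, es, i
}

def skeleton(text):
    """Fold case, accents and mapped look-alikes so variants compare equal."""
    decomposed = unicodedata.normalize("NFKD", text.lower())
    bare = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in bare)

def decode_host(host):
    """Decode xn-- (Punycode) labels; undecodable labels are kept as-is."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass
        labels.append(label)
    return ".".join(labels)

def classify(url, brand, official_domains):
    """Label how the brand term appears in the URL's host and path."""
    parts = urlsplit(url)
    host = decode_host(parts.hostname or "")
    if any(host == d or host.endswith("." + d) for d in official_domains):
        return "official"
    visible = host + parts.path.lower()
    if brand.lower() in visible:
        return "genuine-term"        # real brand string on a non-brand host
    if skeleton(brand) in skeleton(visible):
        return "homographic-term"    # only matches after look-alike folding
    return "no-brand-term"

# Constructed sample URLs; "examplebank" is a hypothetical brand.
SAMPLES = [
    "https://www.examplebank.example/login",
    "https://examplebank.secure-update.example/login",
    "https://examp1ebank.example/",
    "https://ex\u0430mplebank.example/",
]
RESULTS = [classify(u, "examplebank", ["examplebank.example"]) for u in SAMPLES]
```

Punycode-encoded hosts are decoded before comparison, so an `xn--` label carrying a Cyrillic look-alike is classified the same way as its Unicode form.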

Published
2021-10-04
TEIXEIRA, Lucas C.; SILVA, Carlo M. R. da; FERNANDES, Bruno J. T.; OLIVEIRA, João Fausto Lorenzato de; FEITOSA, Eduardo L.; C. FILHO, Gerson D. de; ARCOVERDE, Henrique F.; GARCIA, Vinicius C. Assessment of homographic behaviors in targeted phishing attacks that exploit susceptibility through reliability and seasonality. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 21., 2021, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 253-266. DOI: https://doi.org/10.5753/sbseg.2021.17320.
