Phi.sh/$oCiaL: The Phishing Landscape through Short URLs
-
Upload
precog -
Category
Technology
-
view
421 -
download
3
description
Transcript of Phi.sh/$oCiaL: The Phishing Landscape through Short URLs
![Page 1: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/1.jpg)
Phi.sh/$oCiaL: The Phishing Landscape
through Short URLsSidharth Chhabra*, Anupama Aggarwal†,
Fabricio Benevenuto‡, Ponnurangam Kumaraguru†
*Delhi College of Engineering, †IIIT-Delhi, †Federal University of Ouro Preto
1
![Page 2: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/2.jpg)
Motivation
2
![Page 3: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/3.jpg)
3
![Page 4: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/4.jpg)
4
![Page 5: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/5.jpg)
Phishing via Short URLs
5
![Page 6: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/6.jpg)
• Most popular - June 2010 - January 2011 *
• Most abused URL shortener
• 23.48% of short URL services
http://techblog.avira.com/en/
*
6
![Page 7: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/7.jpg)
Research Aim
7
![Page 8: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/8.jpg)
Analysis of Phishing Tweets containing Bitly
• How is Bitly used by Phishers?
• Who is Targeted ?
• Which Locations are Affected ?
8
![Page 9: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/9.jpg)
System Architecture
9
![Page 10: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/10.jpg)
URL TimeIs a
PhishIs
Up
Data Collection
10
![Page 11: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/11.jpg)
URL TimeIs a
PhishIs
Up
Phishing
URLs
Data Collection
10
![Page 12: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/12.jpg)
URL TimeIs a
PhishIs
Up
Phishing
URLs
Data Collection
10
![Page 13: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/13.jpg)
URL TimeIs a
PhishIs
Up
Phishing
URLs
Short
URLs
Data Collection
10
![Page 14: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/14.jpg)
URL TimeIs a
PhishIs
Up
Phishing
URLs
Short
URLsLong URL
Short URL
Created by
Lookup API
Data Collection Filtering
10
![Page 15: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/15.jpg)
Referral Analysis
URL TimeIs a
PhishIs
Up
Phishing
URLs
Short
URLsLong URL
Short URL
Created by
Lookup API
Brand Analysis Temporal Analysis
Geographical Analysis
Behavioral Analysis
Text AnalysisNetwork Analysis
Data Collection Filtering
Analysis
10
![Page 16: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/16.jpg)
Vote if PhishingVote if PhishingVote if Phishing
Yes No Unknown
Online
Yes 11,081 392 1,234
Online No 1,02,175 5,991 68,731Online
Unknown 4,863 523 795
1 January - 31 December, 2010
Dataset
11
![Page 17: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/17.jpg)
Vote if PhishingVote if PhishingVote if Phishing
Yes No Unknown
Online
Yes 11,081 392 1,234
Online No 1,02,175 5,991 68,731Online
Unknown 4,863 523 795
1 January - 31 December, 2010
Dataset
11
![Page 18: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/18.jpg)
Dataset
• 990 public Twitter users who posted phish tweets
• 864 user accounts present at the time of analysis
• 2000 past tweets for each of 516 users
12
![Page 19: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/19.jpg)
Results
13
![Page 20: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/20.jpg)
For 50% URLs, Space Gain < 37%
14
![Page 21: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/21.jpg)
Social Network Websites targeted
15
![Page 22: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/22.jpg)
516Twitterusers
213 inorganic
303 organic
Phish activity is majorly automated16
![Page 23: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/23.jpg)
516Twitterusers
213 inorganic
303 organic
153 compromised
150 legitimate
Phish activity is majorly automated16
![Page 24: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/24.jpg)
Sparse Network, High Reciprocity
17
![Page 25: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/25.jpg)
Brazil is most targeted followed by US and Canada
18
![Page 26: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/26.jpg)
Limitations
19
![Page 27: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/27.jpg)
• Reliance on PhishTank
• 90% URLs offline when voted
• Small number of active voters
20
![Page 28: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/28.jpg)
Conclusion
21
![Page 29: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/29.jpg)
• URLs shorteners used to hide identity
• Change in landscape of phishing - OSNs target
• Phishing activity is automated
• Lack of phishing communities
• Brazil had highest phish URL clickthrough
22
![Page 30: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/30.jpg)
Future Work
23
![Page 31: Phi.sh/$oCiaL: The Phishing Landscape through Short URLs](https://reader034.fdocuments.in/reader034/viewer/2022051108/54580429b1af9fc0638b5429/html5/thumbnails/31.jpg)
• Analyze the use of URL shorteners like goo.gl, tinyurl etc.
• Develop an algorithm to detect phishing on Twitter
24