A Social-Engineering-centric Data Collection Initiative to Study Phishing

Authors

Federico Maggi, Alessandro Sisto, Stefano Zanero

Venue

Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), April 2011

Abstract

Phishers nowadays rely on a variety of channels, ranging from old-fashioned emails to instant messages, social networks, and the phone system (with both calls and text messages), with the goal of reaching more victims. As a consequence, modern phishing became a multi-faceted, even more pervasive threat that is inherently more difficult to study than traditional, email-based phishing. This short paper describes the status of a data collection system we are developing to capture different aspects of phishing campaigns, with a particular focus on the emerging use of the voice channel. The general approach is to record inbound calls received on decoy phone lines, place outbound calls to the same caller identifiers (when available) and also to telephone numbers obtained from different sources. Specifically, our system analyzes instant messages (e.g., automated social engineering attempts) and suspicious emails (e.g., spam, phishing), and extracts telephone numbers, URLs and popular words from the content. In addition, users can voluntarily submit voice phishing (vishing) attempts through a public website. Extracted telephone numbers, URLs and popular words will be correlated to recognize campaigns by means of cross-channel relationships between messages.
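
Added example (not code from the paper or its authors): a minimal sketch of the cross-channel correlation the abstract describes, assuming that messages belong to one campaign when they share, directly or transitively, a normalized telephone number or URL host. The regular expressions, the function names `indicators` and `campaigns`, and the sample messages are constructed for illustration; popular-word correlation is omitted.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Assumption: a phone number is 8-15 digits, optionally separated by spaces, dots, dashes or parentheses.
PHONE_RE = re.compile(r"(?<![\w/.])\+?\d[\d\s().-]{7,}\d(?!\w)")

# Constructed sample messages (reserved .example domains, fictional 555-01xx number).
SAMPLE = [
    {"id": "mail-1", "channel": "email", "text": "Your account is locked. Call +1 (555) 010-0199 to verify."},
    {"id": "im-1", "channel": "im", "text": "hey check this out http://login-update.example/verify"},
    {"id": "sms-1", "channel": "sms", "text": "Bank alert: call 1-555-010-0199 or visit http://login-update.example/a"},
    {"id": "mail-2", "channel": "email", "text": "Meeting moved to 3pm, see https://intranet.example/cal"},
]

def indicators(text):
    """Return the normalized ('url', host) and ('tel', digits) indicators in a message."""
    found = set()
    for url in URL_RE.findall(text):
        host = re.sub(r"^https?://", "", url, flags=re.I).split("/")[0]
        found.add(("url", host.lower().rstrip(".,)")))
    # Blank out URLs first so digit runs inside them are not read as phone numbers.
    for raw in PHONE_RE.findall(URL_RE.sub(" ", text)):
        digits = re.sub(r"\D", "", raw)
        if 8 <= len(digits) <= 15:
            found.add(("tel", digits))
    return found

def campaigns(messages):
    """Group messages that share any indicator, transitively, using union-find."""
    parent = {m["id"]: m["id"] for m in messages}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    first_seen = {}  # indicator -> id of the first message that carried it
    for m in messages:
        for ind in indicators(m["text"]):
            if ind in first_seen:
                parent[find(m["id"])] = find(first_seen[ind])
            else:
                first_seen[ind] = m["id"]
    groups = defaultdict(list)
    for m in messages:
        groups[find(m["id"])].append(m)
    return [g for g in groups.values() if len(g) > 1]  # singletons are not campaigns

if __name__ == "__main__":
    for group in campaigns(SAMPLE):
        print([(m["id"], m["channel"]) for m in group])
```

The email and the instant message share no indicator with each other; they end up in the same group only because the text message carries both the telephone number and the URL host.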

BibTeX

@inproceedings{Maggi2011A_Social-Engineering-centric,
  title     = {{A Social-Engineering-centric Data Collection Initiative to Study Phishing}},
  author    = {Maggi, Federico and Sisto, Alessandro and Zanero, Stefano},
  booktitle = {Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security},
  series    = {BADGERS},
  month     = {April},
  year      = {2011},
  address   = {New York, NY, USA},
  isbn      = {978-1-4503-0768-0},
  pages     = {107--108},
  publisher = {ACM}
}