Title :
Phishing by form: The abuse of form sites
Author :
Gonzalez, Hugo ; Nance, Kara ; Nazario, Jose
Abstract :
The evolution of phishing methods has resulted in a plethora of new tools and techniques to coerce users into providing credentials, generally for nefarious purposes. This paper discusses the relatively recent emergence of an evolutionary phishing technique called phishing by form that relies on the abuse of online forms to elicit information from the target population. We evaluate a phishing corpus of emails and over a year´s worth of phishing URLs to investigate the methodology, history, spread, origins, and life cycle as well as identifying directions for future research in this area. Our analysis finds that these hosted sites represent less than 1% of all phishing URLs, appear to have shorter active lifetimes, and focus mainly on email account credential theft. We also provide defensive recommendations for these free application sites and users.
Keywords :
computer crime; unsolicited e-mail; URL phishing; email account credential theft; evolutionary phishing technique; form sites; information elicitation; phishing corpus evaluation; phishing method evolution; phishing-by-form; Communities; Electronic mail; Face; Google; Organizations; Security; Software;
Conference_Titel :
Malicious and Unwanted Software (MALWARE), 2011 6th International Conference on
Conference_Location :
Fajardo
Print_ISBN :
978-1-4673-0031-5
DOI :
10.1109/MALWARE.2011.6112332
