FORENSIC CHARACTERISTICS OF PHISHING - Petty Theft or Organized Crime?

Stephen McCombie, Paul Watters, Alex Ng, Brett Watson

2008

Abstract

Phishing, as a means of pilfering private consumer information by deception, has become a major security concern for financial institutions and their customers. Gartner estimated that losses to phishing in the US in 2006 were approximately USD$2.8 billion. Little has been published on the forensic characteristics exhibited in phishing e-mail. We hypothesize that shared features of phishing e-mails can be used as the basis for grouping perpetrators who share at least a common modus operandi and, at most, a level of criminal organization; that is, we suggest that phishing activities are carried out by a small number of highly specialized phishing gangs, rather than a large number of random and unrelated individuals using similar techniques. Analysis of repeated phishing e-mail samples at a major Australian financial institution, using a criminal intelligence methodology, revealed that 6 groups, from a sample of 500,000 spam e-mails, could be uniquely classified by constructing simple decision rules based on observed feature sets, and that 3 groups were responsible for 86% of all incidents. These results suggest that, at least for the institution concerned, there appears to be a level of criminal organization in phishing attacks.



Paper Citation


in Harvard Style

McCombie S., Watters P., Ng A. and Watson B. (2008). FORENSIC CHARACTERISTICS OF PHISHING - Petty Theft or Organized Crime? In Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8111-26-5, pages 149-157. DOI: 10.5220/0001524401490157


in Bibtex Style

@conference{webist08,
author={Stephen McCombie and Paul Watters and Alex Ng and Brett Watson},
title={FORENSIC CHARACTERISTICS OF PHISHING - Petty Theft or Organized Crime?},
booktitle={Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2008},
pages={149-157},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001524401490157},
isbn={978-989-8111-26-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - FORENSIC CHARACTERISTICS OF PHISHING - Petty Theft or Organized Crime?
SN - 978-989-8111-26-5
AU - McCombie S.
AU - Watters P.
AU - Ng A.
AU - Watson B.
PY - 2008
SP - 149
EP - 157
DO - 10.5220/0001524401490157