Engineering school and research center in digital science

PhishEye: Live monitoring of sandboxed phishing kits

Han, Xiao; Kheir, Nizar; Balzarotti, Davide

CCS 2016, 23rd ACM conference on Computer and communications security, October 24-28, 2016, Vienna, Austria

ACM Europe Student Best Paper Award

Phishing is a form of online identity theft that deceives unaware users into disclosing their confidential information. While significant effort has been devoted to the mitigation of phishing attacks, much less is known about the entire life-cycle of these attacks in the wild, which constitutes, however, a main step toward devising comprehensive anti-phishing techniques. In this paper, we present a novel approach to sandbox live phishing kits that completely protects the privacy of victims. By using this technique, we perform a comprehensive real-world assessment of phishing attacks, their mechanisms, and the behavior of the criminals, their victims, and the security community involved in the process -- based on data collected over a period of five months. Our infrastructure allowed us to draw the first comprehensive picture of a phishing attack, from the time in which the attacker installs and tests the phishing pages on a compromised host, until the last interaction with real victims and with security researchers. Our study presents accurate measurements of the duration and effectiveness of this popular threat, and discusses many new and interesting aspects we observed by monitoring hundreds of phishing campaigns.


Title: PhishEye: Live monitoring of sandboxed phishing kits
Type: Conference
Language: English
City: Vienna
Country: AUSTRIA
Date:
Department: Digital Security
Eurecom ref: 4991
Copyright: © ACM, 2016. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCS 2016, 23rd ACM conference on Computer and communications security, October 24-28, 2016, Vienna, Austria http://dx.doi.org/10.1145/2976749.2978330
Bibtex: @inproceedings{EURECOM+4991, doi = {http://dx.doi.org/10.1145/2976749.2978330}, year = {2016}, title = {{P}hish{E}ye: {L}ive monitoring of sandboxed phishing kits}, author = {{H}an, {X}iao and {K}heir, {N}izar and {B}alzarotti, {D}avide}, booktitle = {{CCS} 2016, 23rd {ACM} conference on {C}omputer and communications security, {O}ctober 24-28, 2016, {V}ienna, {A}ustria}, address = {{V}ienna, {AUTRICHE}}, month = {10}, url = {http://www.eurecom.fr/publication/4991} }