How to safely communicate with a phishing attacker by email?

Ladislav Burita, Aneta Coufalikova, Kamil Halouzka
European Conference on Cyber Warfare and Security, published 2023-06-19. DOI: 10.34190/eccws.22.1.1013 (https://doi.org/10.34190/eccws.22.1.1013)

Abstract

The published study is part of long-term research into emails carrying phishing attacks against the article's author. In the previous three years, 3 experiments were carried out to analyze phishing emails; the result is their detailed classification. The subsequent experiment focused on defense against phishing attacks using the rules of the MS Outlook email client. The last experiment, which is the subject of this article, is devoted to analyzing communications with phishing attackers. A fake identity was created for the experiment and security rules were set up. A total of 100 phishing emails were answered, with a preference for those whose content was not aimed at fulfilling any request; that was clarified during the communications. The literature search confirmed the assumption that no one is engaged in similar research, so the results of the research may be of greater interest to the cybersecurity community. The articles found in the literature search focus on social engineering from an interdisciplinary perspective. A great deal of attention has also been paid to the influence of social networks on people's perception of information or to their exploitation in cyber-attacks. The result of the study is a statistical analysis of the communications and a detailed analysis of their content. Out of 100 replies to phishing emails, 32 (32%) were answered by the phisher. The longest communications had 6 cycles. If the phisher insisted aggressively on personal information, the communication was terminated. From the content of the communications, the attacker's procedures and the arguments used to obtain the required information were primarily examined. A detailed analysis of the texts of the communications aimed to answer the question of whether the phisher is a robot or a person. The team is considering how to continue researching phishing attacks.