University of Illinois Urbana-Champaign

Modeling Deception for Identifying and Protecting against Advanced Email Phishing

Almoqbil, Abdullah

Permalink

https://hdl.handle.net/2142/108840

Description

Title
Modeling Deception for Identifying and Protecting against Advanced Email Phishing
Author(s)
Almoqbil, Abdullah
Issue Date
2020-10-13
Keyword(s)
  • Information security
  • Deception
  • Phishing emails
  • Functional ontology construction
  • Reinforcement
Abstract
Cheating, beguiling, and misleading information exist all around us; understanding deception and its consequences is crucial in our information environment. This study investigates deception in phishing emails that successfully bypassed Microsoft 365 filtering system. We devised a model that explains why some people are deceived and how the target individuals and organizations can understand the motivation behind deception and how to prevent or counter attacks. The theoretical framework used in this study was Anderson’s Functional Ontology Construction (FOC). The methodology of the study involves quantitative and qualitative descriptive design, where the data source for this study is the phishing emails archived from an educational organization. We looked for term frequency inverse document frequency (Tf-idf) and the distribution of words over documents (topic modeling) and found the subjects of phishing emails that targeted educational organizations are related to banks, jobs, and technologies. Also, our analysis shows the phishing emails in the dataset come under six categories; reward, urgency, curiosity, fear, job, and entertainment. Results indicate that staff and students were primarily targeted, and a list of the most used verbs for deception was compiled. We uncovered the stimuli being used by scammers and types of reinforcements used to misinform the target to ensure successful trapping via phishing emails. We identified how scammers pick their targets and how they tailor and systematically orchestrate individual attack on targets. The limitations of this study pertain to the sample size and the collection method. Future work will focus on implementing the derived model into building a software that can perform deception identification, target alerting and protection against advanced email phishing.
Series/Report Name or Number
  • Information Security
  • Data Visualization
  • Ontologies
  • Sociology of Information
Type of Resource
text
Permalink
http://hdl.handle.net/2142/108840

Owning Collections

ALISE 2020 Jean Tague-Sutcliffe Doctoral Poster Competition PRIMARY