"Reminder: please update your details": Phishing Trends

TL;DR

This study analyzes a large dataset of spam over a year to understand phishing tactics, revealing their social engineering focus and the need for adaptive anti-phishing strategies.

Contribution

It provides a detailed characterization of phishing scams and their evolving methods based on extensive real-world data collection.

Findings

Phishers rely more on social engineering than software vulnerabilities.

Phishing tactics are highly dynamic and adaptable.

The study offers insights for developing improved anti-phishing techniques.

Abstract

Spam messes up users inbox, consumes resources and spread attacks like DDoS, MiM, Phishing etc., Phishing is a byproduct of email and causes financial loss to users and loss of reputation to financial institutions. In this paper we study the characteristics of phishing and technology used by phishers. In order to counter anti phishing technology, phishers change their mode of operation; therefore continuous evaluation of phishing helps us to combat phishers effectively. We have collected seven hundred thousand spam from a corporate server for a period of 13 months from February 2008 to February 2009. From the collected date, we identified different kinds of phishing scams and mode of their operation. Our observation shows that phishers are dynamic and depend more on social engineering techniques rather than software vulnerabilities. We believe that this study would be useful to develop more efficient anti phishing methodologies.