Phish What You Wish
Pascal Gadient, Pascal Gerig, Oscar Nierstrasz, Mohammad Ghafari
TL;DR
This paper introduces a user-friendly tool for creating realistic phishing websites to help IT professionals raise user awareness, demonstrating high functionality and low suspicion among users.
Contribution
The authors developed a simple, dynamic website mimicking tool that requires no programming skills and maintains up-to-date, functional phishing sites for awareness training.
Findings
98% hyperlink functionality in mimicked sites
Compared to 43% in competitors
Only two participants suspected phishing during tasks
Abstract
IT professionals have no simple tool to create phishing websites and raise the awareness of users. We developed a prototype that can dynamically mimic websites by using enriched screenshots, which requires no additional programming experience and is simple to set up. The generated websites are functional and remain up-to-date. We found that 98% of the hyperlinks in mimicked websites are functional with our tool, compared to 43% with the best competitor, and only two participants suspected phishing attempts at the time they were performing tasks with our prototype. This work intends to raise awareness for phishing attempts especially with local websites by providing an easy to use prototype to set up such phishing sites.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSpam and Phishing Detection · ICT in Developing Communities · Misinformation and Its Impacts