Thumbnail
Access Restriction
Subscribed

Author Maggi, F.
Source IEEE Xplore Digital Library
Content type Text
Publisher Institute of Electrical and Electronics Engineers, Inc. (IEEE)
File Format PDF
Copyright Year ©2010
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Computers ♦ phishing ♦ social engineering ♦ Humans ♦ Telephony ♦ Credit cards ♦ Software ♦ Electronic mail ♦ Security ♦ phone phishing ♦ measurements
Abstract Phishing is the practice of eliciting a person's confidential information such as name, date of birth or credit card details. Typically, the phishers use simple technologies (e.g., e-mailing) to spread social engineering attacks with the goal of persuading a large amount of victims into voluntarily disclose sensitive data. Phishing based on e-mail and web technologies is certainly the most popular form. It has indeed received ample attention and some mitigation measures have been implemented. In this paper we describe our study on \emph{vishing} (voice phishing), a form of phishing where the scammers exploit the phone channel to ask for sensitive information, rather than sending e-mails and cloning trustworthy websites. In some sense, the traditional a-l\'a-Mitnick phone scams are streamlined by attackers using techniques that are typical of modern, e-mail-based phishing. We detail our analysis of an embryonic, real-world database of vishing attacks reported by victims through a publicly-available web application that we build for this purpose. The vishing activity that we registered in our preliminary analysis is targeted against the U.S. customers. According to our samples, we analyzed to what extent the criminals rely on automated responders to streamline the vishing campaigns. In addition, we analyzed the content of the conversations and found that words such as ``credit'', ``press'' (a key) or ``account'' are fairly popular. In addition, we describe the data collection infrastructure and motivate why gathering data about vishing is more difficult than for regular e-mail phishing.
ISBN 9781424475476
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research ♦ Reading
Education Level UG and PG
Learning Resource Type Article
Publisher Date 2010-06-29
Publisher Place United Kingdom
Rights Holder Institute of Electrical and Electronics Engineers, Inc. (IEEE)
e-ISBN 9781424475483
Size (in Bytes) 493.25 kB
Page Count 8
Starting Page 824
Ending Page 831


Source: IEEE Xplore Digital Library