Authors:
Stephen McCombie; Paul Watters; Alex Ng and Brett Watson
Affiliation:
Cybercrime Research Lab, Macquarie University, Australia
Keyword(s):
Phishing, Attack Grouping, Organized Crime, Computer Crime, eCrime Forensics.
Related Ontology Subjects/Areas/Topics:
Internet Technology; Intrusion Detection and Response; Web Information Systems and Technologies; Web Security and Privacy
Abstract:
Phishing, as a means of pilfering private consumer information by deception, has become a major security concern for financial institutions and their customers. Gartner estimated losses in 2006 to phishing in the US were approximately USD$2.8 Billion. Little has been published on the forensic characteristics exhibited in phishing e-mail. We hypothesize that shared features of phishing e-mails can be used as the basis for grouping perpetrators using at least a common modus operandi, and at most, a level of criminal organization – i.e., we suggest that phishing activities are carried out by a small number of highly specialized phishing gangs, rather than a large number of random and unrelated individuals using similar techniques. Analysis of repeated phishing e-mail samples at a major Australian financial institution – using a criminal intelligence methodology – revealed that 6 groups, from a sample of 500,000 spam e-mails, could be uniquely classified by constructing simple decision rules based on observed feature sets, and that 3 groups were responsible for 86% of all incidents. These results suggest that – at least for the institution concerned – there appears to be a level of criminal organization in phishing attacks.