Fig 2 - uploaded by Hossein Siadati
The typical spam flow. A bot creates an email and submits it to a Mail Submission Agent (MSA) using the Simple Mail Transfer Protocol (SMTP). The MSA finds the IP address of the recipient domain's Mail Transfer Agent (MTA) by querying the domain's DNS server and sends the spam on. The spam may route through several other MTAs and pass through spam filters along the way. If it is detected as spam at spots 1-3, it is discarded or delivered to the spam box. Spam is often sent out using botnets managed from a command and control (C&C) node.
Source publication
This chapter delivers an overview of traditional mechanisms to detect and stop unwanted emails. These mechanisms include email authentication (e.g., DKIM, SPF, DMARC), blacklisting (e.g., DNSBL), and content-based spam filtering (e.g., Naive Bayes Classifier). We explain the extent to which they can be useful to block scams, and point out evasion te...
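The abstract names content-based spam filtering with a Naive Bayes classifier as one of the filters that sit at the spots marked in the figure. The following is an added example, not code from the chapter or its author: a minimal multinomial Naive Bayes filter with Laplace smoothing, trained on a small constructed corpus of spam and ham messages, that returns a log-odds score so a practitioner can see how the decision threshold and smoothing constant interact.

```python
"""Multinomial Naive Bayes spam filter (added example; the training
corpus below is constructed for illustration, not real mail)."""
import math
import re
from collections import Counter

# Constructed training data: (message text, label).
TRAIN = [
    ("free money claim your prize now", "spam"),
    ("win a free gift card click here", "spam"),
    ("cheap meds online free shipping", "spam"),
    ("claim your lottery prize today", "spam"),
    ("meeting agenda for tuesday attached", "ham"),
    ("please review the quarterly report", "ham"),
    ("lunch tomorrow at noon", "ham"),
    ("the project deadline moved to friday", "ham"),
]

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lower-case and split on non-alphanumerics; the feature set is bag-of-words."""
    return TOKEN_RE.findall(text.lower())


class NaiveBayesSpamFilter:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                      # Laplace smoothing constant
        self.class_doc_counts = Counter()       # documents per class (prior)
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.total_words = Counter()            # tokens per class
        self.vocab = set()

    def train(self, docs):
        for text, label in docs:
            self.class_doc_counts[label] += 1
            for tok in tokenize(text):
                self.word_counts[label][tok] += 1
                self.total_words[label] += 1
                self.vocab.add(tok)

    def log_prob(self, tokens, label):
        """log P(label) + sum log P(token | label) with additive smoothing,
        so unseen tokens get a small non-zero probability instead of zero."""
        n_docs = sum(self.class_doc_counts.values())
        lp = math.log(self.class_doc_counts[label] / n_docs)
        v = len(self.vocab)
        denom = self.total_words[label] + self.alpha * v
        for tok in tokens:
            lp += math.log((self.word_counts[label][tok] + self.alpha) / denom)
        return lp

    def score(self, text):
        """Log-odds spam:ham; positive favours spam, negative favours ham."""
        toks = tokenize(text)
        return self.log_prob(toks, "spam") - self.log_prob(toks, "ham")

    def classify(self, text, threshold=0.0):
        """Raise the threshold to trade recall for a lower false-positive rate."""
        return "spam" if self.score(text) > threshold else "ham"


def build_filter():
    f = NaiveBayesSpamFilter()
    f.train(TRAIN)
    return f


if __name__ == "__main__":
    f = build_filter()
    for msg in ("claim your free prize", "agenda for the tuesday meeting"):
        print(f"{f.score(msg):+.2f}  {f.classify(msg)}  {msg!r}")
```

With only eight training messages the scores are dominated by a handful of tokens, which is exactly why the token-level evasions mentioned by citing work (splitting or obfuscating trigger words) are effective against a filter like this; a production filter normalises tokens before scoring and trains on a far larger corpus.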
Context in source publication
Context 1
... peer-to-peer botnet Kelihos itself was responsible for 52% of all spam traffic. Figure 2 depicts a simplified flow of a spam message from source to destination. In this journey, a compromised machine uses a delivery list, spam template, and name dictionary to generate the spam message and send it to a mail submission agent (MSA). ...
Citations
... Adopting single sign-on (SSO) or better Multi-Factor Authentication (MFA) [55] to guarantee that only authorized users have access to ChatGPT is a good enterprise security practice. Besides, to protect against the emerging dangerous class of AI-enabled attacks such as WormGPT or FraudGPT, it is essential to utilize robust email authentication such as DMARC [56] to avoid spoofing [57]. Additionally, keeping ChatGPT and all other software up to date with the newest security patches and upgrades is essential. ...
ChatGPT has been acknowledged as a powerful tool that can radically boost productivity across a wide range of industries. It reveals potential in cybersecurity-related tasks such as social engineering. Nevertheless, this possibility raises important concerns regarding the thin line separating moral use of this technology from its harmful usage. It is imperative to address the challenges of distinguishing between legitimate and malevolent use of ChatGPT. This research paper investigates the many concerns of ChatGPT in cybersecurity, privacy and enterprise settings. It covers harmful attacker uses such as injecting malicious prompts, testing brute force attacks, preparing and developing ransomware attacks, etc. Defenders’ proactive activities are also addressed, highlighting ChatGPT’s significance in security operations and threat intelligence. These defensive operations are classified based on the National Institute of Standards and Technology cybersecurity framework. They involve analyzing configuration files, inquiring about authoritative server, improving security in various systems, etc. Moreover, secure enterprise practices and mitigations spread through five classes are proposed, with an emphasis on clear usage standards and guidelines establishment, personally identifiable information protection, adversarial attack prevention, watermarking generated content, etc. An integrated discussion digs into the interaction of offensive and defensive applications, covering ethical and practical concerns. Future attacks are also discussed, along with potential solutions such as content filtering and collaboration. Finally, a comparative analysis with recent research on ChatGPT security concerns is directed. The paper provides a thorough framework to comprehend the range of implications associated with ChatGPT, enabling the navigation of cybersecurity and privacy challenges.
... Presently, almost everybody accepts spam in their mailboxes/ spam boxes. Recently, no real solution has been seen to remedy it because now the spam is not transmitted from one host but from multiple hosts, which makes it challenging to block them with anti-spam software [35]. The problem then comes effectively from the point that to damage an E-commerce, an attacker who would have managed to gain the list of clients, for instance, by attacking the server or the SQL database, can spam the clients of this E-commerce shop. ...
The researcher aimed to define the significance of artificial intelligence approaches against cyber security threats. The researcher has opted for a quantitative study design approach along with preliminary data. The researcher gathered data from workers working in this IT industry. The example size for this study was 468, and it confirmed element study, discriminant validity, fundamental analysis of the model, and hypothesis assessment. The P-values of all variables were gained as necessary apart from the expert method, which had no vital connection with artificial intelligence and cyber security. The main issue was the geographical area, sample size, fewer variables, and accessibility.
... Software, such as blacklists and whitelists, may also protect businesses from BEC fraud. A blacklist enables an email account holder to restrict communication from undesirable sources (Siadati et al., 2016). More specifically, "[. . ...
... For example, the use of filtering emails, to remove suspicious emails from one's inbox is a popular measure used across both individual and organisational email systems. Filtering relies on the combination of words in emails to differentiate between legitimate communications and phishing attacks (Siadati et al., 2016). Although this may be useful to prevent conventional phishing attacks, which typically involve offenders sending identical emails en masse, highly customised BEC fraud emails that target specific businesses are unlikely to be detected by spam and phishing filters. ...
Purpose
This paper aims to explore current knowledge of business email compromise (BEC) fraud, or approaches that specifically target organisations for financial gain, through the exploitation of trusted relationships. BEC fraud affects organisations globally and is estimated to have netted offenders over US$26bn since 2016. Despite the sheer magnitude of these losses, there is a dearth of academic research seeking to better understand this crime type, and prevent it from occurring.
Design/methodology/approach
This review summarises the known literature on BEC fraud. It uses a variety of academic and industry sources to ascertain the current state of knowledge, including how it is perpetrated, its impact (on businesses and individuals), how law enforcement have responded and its prevention.
Findings
This review highlights many gaps in knowledge surrounding BEC fraud. There has been a large focus on the technical aspects of BEC fraud, to the detriment of the human elements. Often, BEC fraud is successful through targeted and effective use of social engineering techniques and is able to overcome any technical solutions through the manipulation of personal relationships. Further, while the financial impacts of BEC fraud are obvious, there is no known research which has explored the non-financial harms of BEC fraud (across organisational and individual perspectives). With companies starting to (unsuccessfully) take legal action against those who have responded, there is a clear need to understand how organisations can better respond to incidents when they occur. Finally, there are gaps in knowledge on what is the best combination of both technical and human measures to prevent BEC fraud.
Research limitations/implications
This review is based on information presently available, and as indicated, there are significant gaps in what is currently known.
Practical implications
This review highlights the need to undertake research into the current gaps, with a view to improving best practice knowledge on prevention and response.
Social implications
Currently unknown, BEC fraud is posited to have significant impacts at both personal and collective levels. Increased knowledge of these non-financial impacts will improve how organisations respond to BEC fraud and how employees can be supported before and after an incident occurs.
Originality/value
Despite the magnitude of the problem, there is limited academic scholarship on BEC fraud. This literature review offers a summary of current knowledge and advocates a strong research agenda moving forward.
... Some techniques are well known, such as tokenization (splitting spam words/features; e.g., "free" can be converted to "f r 3 3") and obfuscation (hiding feature information by adding HTML code; e.g., "FREE" coded as "frexee"). These attacks are used to change the information of particular spam features/words [3][4][5]. ...
... Table 13 and Fig. 7 show the results of the FP rate. After creating an ensemble of 25 classifiers, MGP was found to outperform BSVM and RF in predicting spam emails, with a low FP rate of 5.6% (compared to 6.6% for BSVM and 6.8% for RF). However, BB and BNB performed better than MGP, with an FP rate of 3.5% and 3.8%, respectively, versus 6.1% for MGP. ...
This computational research seeks to classify unsolicited versus legitimate emails. A modified version of an existing genetic programming (GP) classifier, i.e., modified genetic programming (MGP), is implemented to build an ensemble of classifiers to identify unsolicited emails. The proposed classifier is assessed using informative features extracted from two corpora (Enron and SpamAssassin) with the help of the greedy stepwise feature search method. Further, a comparative study is performed with other popular classifiers, such as Bayesian network, naïve Bayes, decision tree, random forest (RF), support vector machine (SVM), and GP. Further, the results are validated with 20-fold cross-validation and a paired t-test. The results prove that the proposed classifier performs better in terms of accuracy and false positive detection in comparison to the other machine learning classifiers tested in this study. Using different training and testing sets of email files from the Enron corpus, ensemble-based classifiers, such as boosted SVM, boosted Bayesian, boosted naïve Bayesian, RF, and the proposed MGP classifier are tested and compared on all metrics, including training and testing time. The findings suggest that the MGP classifier with the greedy stepwise feature search method offers an improvement over alternative methods in detecting unsolicited emails.
... In a phishing attack, cybercriminals create fake websites similar to the authentic sites, and then try to direct users to their fake websites. When users enter their information in these websites, cybercriminals steal that information [27]. We are not going to discuss phishing attacks and their detection techniques, because there is plenty written on that topic in academic journals and elsewhere. ...
... IPs will not add them to any blacklist. Also, in such attacks, cybercriminals personalize email content and use stolen credentials to disguise their malicious character [22,27]. Another way that attackers use to send malicious emails to editors and researchers is email spoofing. ...
At the moment, scholarly publishing is faced with much academic misconduct and threats such as predatory journals, hijacked journals, phishing, and other scams. In response, we have been discussing this misconduct and trying to increase the awareness of researchers, but it seems that there is a lack of research that presents guidelines for editors to help them protect themselves against these threats. It seems that information security is missing in some parts of scholarly publishing that particularly involves medical journals. In this paper, we explain different types of cyber-attacks that especially threaten editors and academic journals. We then explain the details involved in each type of attack. Finally, we present general guidelines for detection and prevention of the attacks. In some cases, we use small experiments to show that our claim is true. Finally, we conclude the paper with a prioritization of these attacks.
Phishing attacks are human-targeted attacks, and it may not always be possible to counter them with technical measures alone. By their nature, humans have a natural weakness of desiring to believe. Cyber attackers who analyze this vulnerability well have been exploiting this in order to achieve success in their respective attack targets. This study focuses on reviewing the benefits of information security awareness training against phishing attacks and aims to provide insight on this through the results of a field study. The field work was carried out in Turkey on four different scenarios on the success of information security trainings against phishing attacks. The data obtained as a result of the field study were compared with the data obtained in international studies, and the maturity of the non-regulated institutions in Turkey against phishing attacks was measured. When the data obtained as a result of the field study were compared with the international results, it was evident that the test group subject to the study exhibited a success below the international values.
Increased use of email in daily transactions for many businesses or general communication due to its cost-effectiveness has made emails vulnerable to attacks, including spam. Spam emails are unsolicited messages that are very similar to each other and sent to multiple recipients randomly. This study analyzes the Rotation Forest model and modifies it for the spam classification problem. Also, the aim of this study is to create a better classifier. To improve classifier stability, the experiments were carried out on Enron spam, Ling spam, and SpamAssassin datasets and evaluated for accuracy, f-measure, precision, and recall.
This paper introduces Business Email Compromise (BEC) and why it is becoming a major issue to businesses worldwide. It also presents a case study of a BEC incident against Unatrac Holding Ltd and analyses the techniques used by the cybercriminals to defraud the company. A critical analysis of the psychological and sociotechnical impacts of BEC to both the company and employees is conducted, and potential risk mitigation strategies and recommendations are provided to prevent future attacks.
The goal of anti-phishing techniques is to reduce the delivery rate of phishing emails, and anti-phishing training aims to decrease the phishing click-through rates. This paper presents the X-Platform Phishing Attack, a deceptive phishing attack with alarmingly high delivery and click-through rates, and highlights a subclass of phishing attacks that existing anti-phishing methods do not seem to be able to address. The main characteristic of this attack is that an attacker is able to embed a malicious link within a legitimate message generated by service providers (e.g., Github, Google, Amazon) and send it using their infrastructure to his targets. This technique results in the bypassing of existing anti-phishing filters because it utilizes reputable service providers to generate seemingly legitimate emails. This also makes it highly likely for the targets of the attack to click on the phishing link as the email id of a legitimate provider is being used. An X-Platform Phishing attack can use email-based messaging and notification mechanisms such as friend requests, membership invitations, status updates, and customizable gift cards to embed and deliver phishing links to their targets. We have tested the delivery and click-through rates of this attack experimentally, based on a customized phishing email tunneled through GitHub's pull-request mechanism. We observed that 100% of X-Platform Phishing emails passed the anti-phishing systems and were delivered to the inbox of the target subjects. All of the participants clicked on phishing messages, and in some cases, forwarded the message to other project collaborators who also clicked on the phishing links.