@inproceedings{efcad0a41c68456a98253f7f0124ee33,
title = "X-Platform phishing: Abusing trust for targeted attacks short paper",
abstract = "The goal of anti-phishing techniques is to reduce the delivery rate of phishemails, and anti-phishing training aims to decrease the phishing click-through rates. This paper presents the X-Platform Phishing Attack, a deceptive phishing attack with an alarmingly high delivery and click-through rates, and highlights a subclass of phishing attacks that existing anti-phishing methods do not seem to be able to address. The main characteristic of this attack is that an attacker is able to embed a malicious link within a legitimate message generated by service providers (e.g., Github, Google, Amazon) and sends it using their infrastructure to his targets. This technique results in the bypassing of existing anti-phishing filters because it utilizes reputable service providers to generate seemingly legitimate emails. This also makes it highly likely for the targets of the attack to click on the phishing link as the email id of a legitimate provider is being used. An X-Platform Phishing attack can use email-based messaging and notification mechanisms such as friend requests, membership invitations, status updates, and customizable gift cards to embed and deliver phishing links to their targets. We have tested the delivery and click-through rates of this attack experimentally, based on a customized phishing email tunneled through GitHub{\textquoteright}s pull-request mechanism. We observed that 100% of X-Platform Phishing emails passed the anti-phishing systems and were delivered to the inbox of the target subjects. All of the participants clicked on phishing messages, and in some cases, forwarded the message to other project collaborators who also clicked on the phishing links.",
keywords = "Cross-platform attack, Phishing, Targeted attack",
author = "Hossein Siadati and Toan Nguyen and Nasir Memon",
year = "2017",
doi = "10.1007/978-3-319-70278-0_37",
language = "English (US)",
isbn = "9783319702773",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "587--596",
editor = "Andrew Miller and Michael Brenner and Kurt Rohloff and Joseph Bonneau and Vanessa Teague and Andrea Bracciali and Massimiliano Sala and Federico Pintore and Markus Jakobsson and Ryan, {Peter Y.A.}",
booktitle = "Financial Cryptography and Data Security - FC 2017 International Workshops, WAHC, BITCOIN, VOTING, WTSC, and TA, Revised Selected Papers",
note = "21st International Workshops on Financial Cryptography and Data Security, FC 2017 held in conjuction with 5th Workshop on Encrypted Computing and Applied Homomorphic Cryptography, WAHC 2017, 4th Workshop on Bitcoin and Blockchain Research, BITCOIN 2017, 2nd Workshop on Advances in Secure Electronic Voting Schemes, VOTING 2017, 1st Workshop on Trusted Smart Contracts, WTSC 2017 and 1st Workshop on Targeted Attacks, TA 2017 ; Conference date: 07-04-2017 Through 07-04-2017",
}