Mitigating phishing threats
Due to the rapid development of the Internet, modern daily behaviour has become more efficient and convenient. The Internet has become an indispensable element in our daily life, providing significant resources to people whether for play, work or education. In addition, with the increased universality of mobile devices, a multitude of services is at our fingertips, and the efficiency of our life and work has improved. However, the negative side of this is the increase in cybercrimes, with large losses for both individuals and enterprises. Phishing is currently defined as a criminal mechanism employing both social engineering and technical subterfuge to gather any useful information such as user personal data or financial account credentials. Phishing threats have been in existence for many years, since the establishment of the Internet, and they have continuously evolved and increased in application. So far, phishing attacks have accounted for a large proportion of all malicious attacks, and they are a globally growing threat with an increasing frequency of known attacks. Phishing attacks are a major current cyber threat to both individual users and organizations, as they are always cheap to produce and easy to deploy, in particular due to the development of e-commerce. For the individual, sensitive credentials are always of interest to phishers due to the development of e-commerce. For an enterprise, a successful phishing attack, such as a subdomain takeover attack, may affect the organization's reputation as well as cause financial loss. Currently, most security vendors use different approaches to prevent phishing attacks. However, these solutions cannot keep up with the constant updating of phishing websites. In this thesis, web phishing attack types are classified into three different categories, from the shallower to the deeper. They are General Phishing Attack, Advanced Phishing Attack and Subdomain Takeover Attacks.
The purpose of this thesis is to present an effective mitigation to defend against these phishing threats. The specific mitigations and contributions are presented according to our defined categories of phishing threats, from the shallower approach to a deeper, more complex approach.
Thesis, PhD Doctor of Philosophy
Creative Commons Attribution 4.0 International: http://creativecommons.org/licenses/by/4.0/
Except where otherwise noted within the work, this item's licence for re-use is described as Creative Commons Attribution 4.0 International
Items in the St Andrews Research Repository are protected by copyright, with all rights reserved, unless otherwise indicated.