Skip to main content
SpringerLink
Log in

Microtargeting or Microphishing? Phishing Unveiled

  • Conference paper
  • First Online:
Book cover Trust, Privacy and Security in Digital Business (TrustBus 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12395))

Included in the following conference series:

Abstract

Online advertisements delivered via social media platforms function in a similar way to phishing emails. In recent years there has been a growing awareness that political advertisements are being microtargeted and tailored to specific demographics, which is analogous to many social engineering attacks. This has led to calls for total bans on this kind of focused political advertising. Additionally, there is evidence that phishing may be entering a more developed phase using software known as Phishing as a Service to collect information on phishing or social engineering, potentially facilitating microphishing campaigns. To help understand such campaigns, a set of well-defined metrics can be borrowed from the field of digital marketing, providing novel insights which inform phishing email analysis. Our work examines in what ways digital marketing is analogous to phishing and how digital marketing metric techniques can be used to complement existing phishing email analysis. We analyse phishing email datasets collected by the University of Houston in comparison with Corporate junk email and microtargeting Facebook Ad Library datasets, thus comparing these approaches and their results using Weka, URL mismatch and visual metrics analysis. Our evaluation of the results demonstrates that phishing emails can be joined up in unexpected ways which are not revealed using traditional phishing filters. However such microphishing may have the potential to gather, store and analyse social engineering information to be used against a target at a later date in a similar way to microtargeting.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Cosentino, G.: The post-truth world order. Social Media and the Post-Truth World Order, pp. 1–31. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-43005-4_1

    Chapter  Google Scholar 

  2. Cadwalladr, C., Graham-Harrison, E.: Revealed: 50 million Facebook profiles harvested for Cambridge analytica in major data breach. Guardian 17, 22 (2018)

    Google Scholar 

  3. Gordon, B.R., Zettelmeyer, F., Bhargava, N., Chapsky, D.: A comparison of approaches to advertising measurement: evidence from big field experiments at Facebook. Market. Sci. 38(2), 193–225 (2019)

    Article  Google Scholar 

  4. Goldman, M., Rao, J.: Experiments as instruments: heterogeneous position effects in sponsored search auctions. EAI Endorsed Trans. Ser. Games 3(11), e2 (2016)

    Google Scholar 

  5. Park, G., Taylor, J.M.: Poster: Syntactic element similarity for phishing detection (2015)

    Google Scholar 

  6. Kandias, M., Stavrou, V., Bozovic, N., Mitrou, L., Gritzalis, D.: Can we trust this user? predicting insider’s attitude via Youtube usage profiling. In: IEEE 10th International Conference on Ubiquitous Intelligence and Computing and 2013 IEEE 10th International Conference on Autonomic and Trusted Computing, pp. 347–354. IEEE (2013)

    Google Scholar 

  7. Kintis, P., et al.: Hiding in plain sight: a longitudinal study of combosquatting abuse. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 569–586. ACM (2017)

    Google Scholar 

  8. Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: The WEKA data mining software: an update. ACM SIGKDD Explor. Newsl. 11(1), 10–18 (2009)

    Article  Google Scholar 

  9. Silva, M., de Oliveira, L.S., Andreou, A., de Melo, P.O.V., Goga, O., Benevenuto, F.: Facebook ads monitor: an independent auditing system for political ads on Facebook. arXiv preprint arXiv:2001.10581 (2020)

  10. Egozi, G., Verma, R.: Phishing email detection using robust NLP techniques. In: IEEE International Conference on Data Mining Workshops (ICDMW), pp. 7–12. IEEE (2018)

    Google Scholar 

  11. McDowell, M.: Avoiding social engineering and phishing attacks (2004). http://www.us-cert.gov/cas/tips/ST04-014.html

  12. Symantec, I.: Internet security threat report. Broadcom (2019)

    Google Scholar 

  13. Krombholz, K., Hobel, H., Huber, M., Weippl, E.: Advanced social engineering attacks. J. Inf. Secur. Appl. 22, 113–122 (2015)

    Google Scholar 

  14. Das, A., Baki, S., El Aassal, A., Verma, R., Dunbar, A.: SOK: a comprehensive reexamination of phishing research from the security perspective. IEEE Commun. Surv. Tutor. 22(1), 671–708 (2019)

    Article  Google Scholar 

  15. Meijdam, K.: Phishing as a service: designing an ethical way of mimicking targeted phishing attacks to train employees (2015)

    Google Scholar 

  16. Wenyin, L., Huang, G., Xiaoyue, L., Min, Z., Deng, X.: Detection of phishing webpages based on visual similarity. In: Special Interest Tracks and Posters of the 14th International Conference on World Wide Web, pp. 1060–1061 (2005)

    Google Scholar 

  17. Vanderdoncktf, J., Ouedraogo, M.: A comparison of placement strategies for effective visual design. People Comput. IX, 125 (1994)

    Google Scholar 

  18. An, D.: Advertising visuals in global brands’ local websites: a six-country comparison. Int. J. Advert. 26(3), 303–332 (2007)

    Article  MathSciNet  Google Scholar 

  19. Myers, G.: Words in Ads. Edward Arnold, London (1994)

    Google Scholar 

  20. Stieglitz, S., Dang-Xuan, L.: Emotions and information diffusion in social media–sentiment of microblogs and sharing behavior. J. Manage. Inf. Syst. 29(4), 217–248 (2013)

    Article  Google Scholar 

  21. Halevi, T., Lewis, J., Memon, N.: Phishing, personality traits and Facebook. arXiv preprint arXiv:1301.7643 (2013)

  22. Kim, T., Barasz, K., John, L.K.: Why am i seeing this ad? The effect of ad transparency on ad effectiveness. J. Consum. Res. 45(5), 906–932 (2019)

    Article  Google Scholar 

  23. Djamasbi, S., Siegel, M., Skorinko, J., Tullis, T.: Online viewing and aesthetic preferences of generation Y and the baby boom generation: testing user web site experience through eye tracking. Int. J. Electron. Commer. 15(4), 121–158 (2011)

    Article  Google Scholar 

  24. Mao, J., Li, P., Li, K., Wei, T., Liang, Z.: BaitAlarm: detecting phishing sites using similarity in fundamental visual features. In: 5th International Conference on Intelligent Networking and Collaborative Systems, pp. 790–795. IEEE (2013)

    Google Scholar 

  25. Medvet, E., Kirda, E., Kruegel, C.: Visual-similarity-based phishing detection. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, pp. 1–6 (2008)

    Google Scholar 

  26. Fu, A.Y., Wenyin, L., Deng, X.: Detecting phishing web pages with visual similarity assessment based on earth mover’s distance (EMD). IEEE Trans. Dependable Secure Comput. 3(4), 301–311 (2006)

    Article  Google Scholar 

  27. Fette, I., Sadeh, N., Tomasic, A.: Learning to detect phishing emails. In: Proceedings of the 16th International Conference on World Wide Web, pp. 649–656 (2007)

    Google Scholar 

  28. Rzemieniak, M.: Measuring the effectiveness of online advertising campaigns in the aspect of e-entrepreneurship. Procedia Comput. Sci. 65, 980–987 (2015)

    Article  Google Scholar 

  29. Bruce, N.I., Murthi, B., Rao, R.C.: A dynamic model for digital advertising: the effects of creative format, message content, and targeting on engagement. J. Market. Res. 54(2), 202–218 (2017)

    Article  Google Scholar 

  30. Johnson, G.A., Lewis, R.A., Nubbemeyer, E.I.: Ghost ads: improving the economics of measuring online ad effectiveness. J. Market. Res. 54(6), 867–884 (2017)

    Article  Google Scholar 

  31. You, Q., Luo, J., Jin, H., Yang, J.: Robust image sentiment analysis using progressively trained and domain transferred deep networks. In: Twenty-Ninth AAAI Conference on Artificial Intelligence (2015)

    Google Scholar 

  32. Shi, L., Wang, Q., Ma, X., Weng, M., Qiao, H.: Spam email classification using decision tree ensemble. J. Comput. Inf. Syst. 8(3), 949–956 (2012)

    Google Scholar 

  33. Li, W., Meng, W., Tan, Z., Xiang, Y.: Design of multi-view based email classification for IoT systems via semi-supervised learning. J. Netw. Comput. Appl. 128, 56–63 (2019)

    Article  Google Scholar 

  34. Schroeder, W.: Testing web sites with eyetracking. Eye for design (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computing, Edinburgh Napier University, Edinburgh, UK

    Bridget Khursheed, Nikolaos Pitropakis & Sean McKeown

  2. Department of Digital Systems, University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

Authors
  1. Bridget Khursheed
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nikolaos Pitropakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sean McKeown
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Costas Lambrinoudakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nikolaos Pitropakis .

Editor information

Editors and Affiliations

  1. School of Engineering, University of the Aegean, Karlovassi, Samos, Greece

    Stefanos Gritzalis

  2. SBA Research, Vienna, Wien, Austria

    Edgar R. Weippl

  3. Johannes Kepler University of Linz, Linz, Oberösterreich, Austria

    Gabriele Kotsis

  4. Vienna University of Technology, Vienna, Wien, Austria

    A Min Tjoa

  5. Johannes Kepler University of Linz, Linz, Oberösterreich, Austria

    Ismail Khalil

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Khursheed, B., Pitropakis, N., McKeown, S., Lambrinoudakis, C. (2020). Microtargeting or Microphishing? Phishing Unveiled. In: Gritzalis, S., Weippl, E.R., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2020. Lecture Notes in Computer Science(), vol 12395. Springer, Cham. https://doi.org/10.1007/978-3-030-58986-8_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-58986-8_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-58985-1

  • Online ISBN: 978-3-030-58986-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation