FORENSIC CHARACTERISTICS OF PHISHING - Petty Theft or Organized Crime?

Stephen McCombie, Paul Watters, Alex Ng, Brett Watson

2008

Abstract

Phishing, as a means of pilfering private consumer information by deception, has become a major security concern for financial institutions and their customers. Gartner estimated that losses to phishing in the US in 2006 were approximately USD 2.8 billion. Little has been published on the forensic characteristics exhibited in phishing e-mail. We hypothesize that shared features of phishing e-mails can be used as the basis for grouping perpetrators who share, at the least, a common modus operandi and, at the most, a level of criminal organization – i.e., we suggest that phishing activities are carried out by a small number of highly specialized phishing gangs, rather than a large number of random and unrelated individuals using similar techniques. Analysis of repeated phishing e-mail samples at a major Australian financial institution – using a criminal intelligence methodology – revealed that 6 groups, from a sample of 500,000 spam e-mails, could be uniquely classified by constructing simple decision rules based on observed feature sets, and that 3 groups were responsible for 86% of all incidents. These results suggest that – at least for the institution concerned – there appears to be a level of criminal organization in phishing attacks.


Paper Citation


in Harvard Style

McCombie S., Watters P., Ng A. and Watson B. (2008). FORENSIC CHARACTERISTICS OF PHISHING - Petty Theft or Organized Crime? In Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8111-26-5, pages 149-157. DOI: 10.5220/0001524401490157

in Bibtex Style

@conference{webist08,
author={Stephen McCombie and Paul Watters and Alex Ng and Brett Watson},
title={FORENSIC CHARACTERISTICS OF PHISHING - Petty Theft or Organized Crime?},
booktitle={Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2008},
pages={149-157},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001524401490157},
isbn={978-989-8111-26-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - FORENSIC CHARACTERISTICS OF PHISHING - Petty Theft or Organized Crime?
SN - 978-989-8111-26-5
AU - McCombie S.
AU - Watters P.
AU - Ng A.
AU - Watson B.
PY - 2008
SP - 149
EP - 157
DO - 10.5220/0001524401490157