
ICCII-2018

A Survey on Deceptive Phishing attacks in
Social Networking Environments
Presented by
Mohammed Mahmood Ali1, Mohammad S. Qaseem2,
Md. Ateeq ur Rahman3

Paper ID 107, Track - Networks - 29/12/2018


Abstract
• Social phishers continuously adapt novel trapping techniques for prying
usernames and passwords, establishing a friendly relationship through
microblog messages on various Social Networking Environments (SNEs)
for financial benefit.
• The APWG report of 2018 shows a successive rise in phishing attacks via
URLs, fake websites, spoofed e-mail links, domain name usage and social
media content [1].
• Innumerable defence techniques have been proposed earlier, but users are
still vulnerable because compromised microblogs are exchanged in SNEs,
resulting in leaks of confidential information and users falling prey to
phishers' attacks.
• To mitigate the latent fraudulent phishing mechanisms, there is scope
and an immense need to get rid of phishing attacks in SNEs.
• This paper surveys and analyzes the various social phishing detection and
prevention mechanisms developed for SNEs.
Introduction
• Social phishing is used to extract private
information without the user's knowledge by sending
social messages that gain the victim's
trust and confidence.
• Early research studies detected phishing from
emails, URLs, websites and domain name usage.
• Not much research has been done on the
surveillance of social phishing in Social Networking
Environments (SNEs) such as Facebook, Twitter, LinkedIn,
Instagram, chatbots, WhatsApp, Pinterest and
many more messaging applications.
Current Scenario
• To open an account, the user is expected to willingly upload
confidential data such as account name, place, residential
address, contact numbers, current job address, educational
details, job description and experience, personal preferences,
hobbies, likes, dislikes, interests, profile photo, etc.
• A two-step verification strategy of linking mobile numbers to
accounts is embedded, and email accounts are merged with Facebook
and other social networking accounts, opening a hidden channel for
social phishing attacks.
• Google links a unique mobile number with its Gmail accounts to
limit users to opening up to ten (10) accounts, appending a
three-step verification that sends an OTP (One-Time Password)
in the name of high-level security. At the same time, by using
the OTP, Google can trace the user's location (latitude and
longitude) through Google Maps and can locate the person very
easily, which is hidden from the users [5].
Ultimately a virtual trap …..
• Social networks extract personal and confidential
information without the user's knowledge.
• The user's personal information is used by various
marketing and other agencies, and by phishers for phishing
attacks [18].
• Lesson learnt: social users should be careful with
personal information while chatting with others on
various SNEs, for security reasons and to avoid blocking of
online banking transactions.
Modus Operandi
• Phishers may use various SNEs to trap social
users into leaking confidential information.
These phishers keep track of users for a certain
period of time, maybe weeks or months, not
only through SNEs but also by making phone calls
in which they pretend to be authorized official
personnel and request information such as
birth place, date, job, marital status, credit cards,
bank accounts and PAN details through a
questionnaire pattern.
Scenario – 1
| Chatmate -1 (phisher) | Chatmate -2 (IM user) |
| --- | --- |
| I wil deposit the amount to ur account, give ur account details | yes, my Account number: 30527854265, Account name: Raghu Vamshi, Bank: HDFC, Branch IFSC code: 74585 |
| | Received money, Thanxs a lot….. |
| Pls., pay back (50%) money after 3 weeks to my account as promised by u | Ok, sure. Can u pls. send your account details |
| Ok. My Account number: 45565221253, Account name: Praveen, Bank name: AXIS, Branch IFSC code: 58747 …… ; whats your phone number and DOB please | Hi, 9980423222 is mobile number 20/2/1987 |

(Table 1)

Table 1 depicts how a phisher plans and forwards spoofed social messages
unanimously and then establishes a fraudulent association to deceive social users for
financial benefits in SNEs. The above information is enough to block online bank
transactions of customers.
Scenario 2

(Figure 1)

The messages marked with ellipses show that the account is blocked for a day, i.e., 24
hours. Further, the leaked private information of a particular user shown in Table 1
(account number, mobile number and date of birth) is effectively used by a
phisher to generate a new password, as shown in Fig. 2.
Scenario 2 contd ..

(Figure 2)
Intelligent technologies involving deep learning, artificial intelligence
and machine learning techniques are used in combination by phishers and
hackers on SNEs, harming and destroying online transactions across
different domains to an unimaginable extent.
Literature Survey
• Identification of SPIM (Semantic Personalized Information Management)
microblogs using advanced technologies is explored; among them, a
machine learning technique is used to detect spam bots on Twitter [6].
• A machine learning approach is effectively used to detect and
identify political goons who misuse social media [7].
• Another approach analyzes tweets containing malicious keywords
using a Bayesian approach to predict phishers [8].
• To detect polluters in SNEs (Facebook and Twitter), a hybrid
supervised classifier is proposed that minimizes the burden on
service providers [10].
• The serious concern of various attacks on Online Social Networks
(OSN) and their consequences is discussed, and the existing
solutions for mitigating OSN attacks are pinpointed [9] [19].
Literature Survey Contd..
• Many machine learning approaches detect phishing only after attacks
have been committed; these attacks comprise new keywords, new URLs,
new links and new domain names, which must be frequently added to the
historical phishing database to avoid future attacks. A recent study
suggested that pre-defined rules can detect words dynamically, are a bit
faster and give accurate results, and require no training [14].
• An alternate approach implemented surveillance of social phishing
attacks in SNEs, named the Anti-Phishing Detection system (APDs),
which depends solely on pre-defined words [12].
• An enhanced APD system was developed for detecting social phishing
words at run-time from text and audio [13].
• An integrated APD system using data mining and WordNet ontology
was developed to detect and then predict deceptive phishing
words from SNEs [11].
• Other approaches use the probabilistic GSHL algorithm with pre-defined
logical rules and WordNet ontology to predict phishing words in
microblogs from Social Networking Sites (SNS) [11], [12], [13].
Generalized architecture for Phishing
Detection System in SNEs

(Figure 2)

The architecture uses several databases: TDB (stores user messages), TPDB (stores the
phishing patterns found), SSPWDB (set of suspicious pre-defined phishing rules), KDB
(stores domains with their sets of phishing words) and ODB (uses the OBIE model to predict
phishing words from microblogs using WordNet, guided by pre-defined logical rules) [15].
APD Algorithm
• The APD algorithm initiates the steps for capturing the phishing words
exchanged between users by using the GSHL and Tree Alignment
algorithms, as discussed in [15]. These messages are stored in the text
database (TDB), where unnecessary words are filtered out using the OBIE
technique (stemming, N-gram technique, ignore words).
• Frequently recurring words are extracted from the TDB dynamically
using the association rule mining technique and pre-defined rules guided
by the ontology database (ODB); these words are then pushed to the TPDB. The
metadata stores the gist of information related to the microblogs sent in SNEs.
• Once phishing words are detected, the message is considered
phishing, as shown in Table 1. The KDB maintains the detected stem words
along with the domain (i.e., the type of phishing activity).
• Profile details, which are provided during the creation of an email ID,
are traced from the EDB with the aid of the Relational Wrapper Algorithm [15].
• The SNE user account through which the phishing words are sent is
tracked using metadata, and the victim is alerted.
Analysis of microblogs from SNS predicts the phishing words dynamically during
the chat session at run-time and then generates an alert pop-up for the users
on whose systems this APD algorithm is configured.
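A simplified sketch of the word-detection steps above, added here as an illustration and not the APD implementation from [15]: it substitutes a crude suffix stemmer and a single frequent-item pass for the OBIE, GSHL, tree-alignment and WordNet components. All word lists, the `min_support` threshold and the sample messages (adapted from Table 1) are constructed assumptions.

```python
import re
from collections import Counter

# Constructed stand-ins for the slide's databases; every entry is an assumption.
IGNORE_WORDS = {"i", "wil", "the", "to", "ur", "u", "my", "your", "and",
                "give", "pls", "please", "whats"}
SSPWDB = {"account": "financial", "bank": "financial", "ifsc": "financial",
          "phone": "identity", "dob": "identity"}  # suspicious stem -> domain

# TDB: sender metadata plus text, adapted from Table 1 with constructed lines.
SAMPLE_TDB = [
    {"sender": "chatmate1", "text": "I wil deposit the amount to ur account, give ur account details"},
    {"sender": "chatmate1", "text": "Pls., pay back (50%) money after 3 weeks to my account"},
    {"sender": "chatmate1", "text": "My account, bank and IFSC code follow; whats your phone number and DOB please"},
    {"sender": "chatmate1", "text": "Send ur phone and DOB to confirm the bank transfer"},
    {"sender": "friend", "text": "Are we still meeting for lunch tomorrow?"},
]

def stem(word):
    """Crude suffix stripping (placeholder for a real stemmer)."""
    for suffix in ("ing", "es", "s"):
        if word.endswith(suffix) and len(word) - len(suffix) >= 3:
            return word[:-len(suffix)]
    return word

def preprocess(text):
    """Filtering step: tokenize, drop ignore-words, stem; returns a set."""
    tokens = re.findall(r"[a-z]+", text.lower())
    return {stem(t) for t in tokens if t not in IGNORE_WORDS}

def build_tpdb(tdb, min_support=2):
    """Stems in >= min_support messages that also match a pre-defined rule."""
    counts = Counter()
    for msg in tdb:
        counts.update(preprocess(msg["text"]))
    return {s: SSPWDB[s] for s, c in counts.items() if c >= min_support and s in SSPWDB}

def detect(tdb, min_support=2):
    """Flag each message containing a TPDB stem; report sender, stems, domains."""
    tpdb = build_tpdb(tdb, min_support)
    alerts = []
    for msg in tdb:
        hits = sorted(preprocess(msg["text"]) & tpdb.keys())
        if hits:
            alerts.append({"sender": msg["sender"], "stems": hits,
                           "domains": sorted({tpdb[s] for s in hits})})
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE_TDB), sep="\n")
```

Messages that use short forms such as `acct` produce no alert in this sketch, which mirrors the drawback Table 2 lists for APD [15].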
Comparative Analysis of Phishing detection
approaches
| Title of Paper | Textual detection | Pre-defined rules | WordNet Ontology | Text and Audio | Approach used | Drawback |
| --- | --- | --- | --- | --- | --- | --- |
| APD [16] | Yes | No, but frequent patterns | Not Supported | Not Supported | Apriori Algorithm | Excessive training |
| APD [12] | Yes | partial, but frequent patterns updated | Not Supported | Not Supported | Apriori Algorithm & Updating of frequent patterns | One level of Frequent patterns is reduced |
| APD [13] | Yes | Initial stage use of Predefined | Terminological Ontological | Supported | Pre-defined rules mapped and then Integrated with speech, using LPC and FFT technique | Processing time is high, accuracy reduced due to inefficiency of pitch signals of voices |
| APDS [11] | Yes | Yes | Terminological Ontology used | Not Supported | OBIE Approach used | few phishing words are ignored |
| CBA [17] | Yes | Context based rules | Terminological Ontological words are used instead of formal Ontology | Not Supported | Classification based Association rules & GSHL Algorithm | Classifying & then applying association rules, excepted tree is not formed, time taken is more |
| APD [15] | Yes | Yes | Supported | Not supported | Probabilistic GSHL & Tree alignment algorithms | Short-form words are ignored |

(Table 2)
Conclusion
• In this paper we have surveyed various earlier approaches that
were used to detect phishing from microblogs, specifically in SNEs.
In all, eight (8) survey papers related to deceptive phishing attacks
in SNEs were thoroughly reviewed.
• One conclusion that can be drawn from the APWG reports [1]
[2] is that they neglect the online social phishing
attacks that are still happening through instant messaging
applications [9].
• In Section 2, we have explored the problems faced, with a detailed
scenario of phishers tracing out confidential information from SNEs
through spoofed social messages.
• To overcome these problems, the APD algorithm discussed in
Section 4 can be effectively integrated into SNEs, so that an
alert is given to the users of SNEs if it is configured
efficiently [15].
Future Scope
• Phishing words sent using short-form
notations are ignored by the APD system.
• Multi-lingual phishing words are not identified by
the APD system.
• Understanding the psychology of phishers is
another research area that needs to be explored.
• Deceptive social phishing messages sent in
formats other than text, such as multimedia (images,
audio and video), are deferred
by the APD system.
References
1. APWG : Anti-Phishing Working Group report, 2018. (link:
http://docs.apwg.org/reports/apwg_trends_report_q1_2018.pdf) (accessed on 17th Sept 2018).
2. [Online] https://www.antiphishing.org/resources/apwg-reports/
3. Jagatic, T.: Social Phishing. In: School of Informatics, Indiana University, Bloomington (2005).
4. Joseph Bonneau, Jonathan Anderson, George Danezis.: Prying Data out of a Social Network. In:
proceedings of Advances in Social Networks Analysis and Mining (2009).
5. Yi-Bing Lin, Min-Zheng Shieh, Yun-Wei Lin & Hsin-Ya Chen.: MapTalk: mosaicking physical objects
into the cyber world. In: Cyber-Physical Systems, published by TandFonline (2018).
6. Alex Hai Wang.: Detecting Spam Bots in Online Social Networking Sites: A Machine Learning
Approach. In: proceedings of ACM (2010).
7. J. Ratkiewicz, M. D. Conover, M. Meiss, B. Gonçalves, A. Fla.: Detecting and Tracking Political
Abuse in Social Media. In: Proceedings of the Fifth International AAAI Conference on Weblogs and
Social Media, Association for the Advancement of Artificial (2011).
8. K. Beck.: Analyzing tweets to identify malicious messages. In: IEEE International Conference on
Electro/Information Technology (EIT), pages 1–5. IEEE (2011).
9. Imrul Kayes, Adriana Iamnitchi.: Privacy and security in online social networks: A survey In:
proceeding of Online Social Networks and Media, Vol. 3-4, pp. 1–21, Elsevier, (2017).
10. Byung Joon Park, Jin Seop Han.: Efficient decision support for detecting content polluters on
social networks: an approach based on automatic knowledge acquisition from behavioral patterns.:
Information Technology and Management, Volume 17, Number 1, (2016).
References Contd ..
11. Mohd S. Qaseem, Nayeemuddin, et. al.: APDs: Framework for Surveillance of Phishing words in Instant
Messaging Systems Using Data Mining and Ontology. In: Symposium of TechSym, Article No. 486, IEEE. (2014).
12. Mohd Mahmood Ali, Lakshmi Rajamani.: APD: ARM Deceptive Phishing Detector System Phishing Detection in
Instant Messengers Using Data Mining Approach.: Global Trends in Computing and Communication Systems, CCIS
269, pp. 490-502, Springer (2012).
13. Mohd Mahmood Ali, Lakshmi Rajamani.: Deceptive phishing detection system: from audio and text messages
in instant messengers using data mining approach. In: Proceedings of the IEEE International Conference on Pattern
Recognition,Informatics and Medical Engineering, pp. 458-463, IEEE (2012).
14. Thelwall M.: TensiStrength: stress and relaxation magnitude detection for social media texts. : journal of
information processing & management, Vol. 53, Issue 1, pp. 106-121, Elsevier (2017).
15. Mohd Mahmood Ali, al.: An approach for deceptive phishing detection and prevention in social networking
sites using data mining and wordnet ontology. In: International conference on Electrical, Electronics, Signals
Communication and Optimization (EESCO), IEEE (2015).
16. Mohd Mahmood Ali, Lakshmi Rajamani.: APD: ARM Phishing Detector A System for Detecting Phishing in
Instant Messengers.: International Journal of Information processing, Vol. 5, Issue 2, pp. 22-30, IK publishers, India
(2011).
17. Mohammad S. Qaseem, A. Govardhan.: Phishing Detection in IMs using Domain Ontology and CBA - An
innovative Rule Generation Approach.: International Journal of Information Sciences and Techniques (IJIST) Vol.4,
No.4/5/6, India (2014).
18. Anjum N. Shaikh, Antesar M. Shabut, M.A. Hossain.: A Literature Review on Phishing Crime, Prevention
Review and Investigation of Gaps. In: 10th International Conference on Software, Knowledge, Information
Management & Applications (SKIMA), IEEE, (2016).
19. Surbhi Gupta, Abhishek Singha, Akanksha Kapoor, :A literature survey on social engineering attacks: Phishing
attack, In: International Conference on Computing, Communication and Automation (ICCCA), IEEE (2016).
Queries ????
Thank You
