The State of Phishing An Analysis on The Indicators of Phishing Attacks

Tämän Pro Gradu -tutkielman tavoitteena oli analysoida kalasteluviestinnän sisältöä ja määritellä ne viestinnän piirteet, jotka viestinnän vastaanottava käyttäjä pystyy tunnistamaan kalastelun indikaattoreiksi. Tätä työtä ohjasi laajalti hyväksytty ajatus siitä, että käyttäjä on tietoturvallisuud...

Full description

Bibliographic Details
Main Author: Airaksinen, Miku
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language:eng
Published: 2022
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/81773
_version_ 1826225754942210048
author Airaksinen, Miku
author2 Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_facet Airaksinen, Miku Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä Airaksinen, Miku Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_sort Airaksinen, Miku
datasource_str_mv jyx
description Tämän Pro Gradu -tutkielman tavoitteena oli analysoida kalasteluviestinnän sisältöä ja määritellä ne viestinnän piirteet, jotka viestinnän vastaanottava käyttäjä pystyy tunnistamaan kalastelun indikaattoreiksi. Tätä työtä ohjasi laajalti hyväksytty ajatus siitä, että käyttäjä on tietoturvallisuuden heikoin lenkki. Tämän vuoksi työ keskittyikin tarkastelemaan viestintää nimenomaan sellaisten tavanomaisten käyttäjien näkökulmasta, jotka eivät ole erityisen perehtyneitä tietoturvallisuuteen. Tämä rajaus johti myös siihen, että työtä varteen kehitettiin kokeellinen viitekehys, jonka avulla viestintää arvioitiin käyttäjän kontekstin näkökulmasta tarkastelemalla viestinnässä ilmeneviä kontekstuaalisia kalastelun indikaattoreita. Tutkimus toteutettiin keräämällä otos erilaisista kalasteluhyökkäyksistä jotka hyödyntävät erilaisia hyökkäysvektoreita. Näitä hyökkäyksiä analysoitiin työtä varten luodulla viitekehyksellä, jotta eri hyökkäyksien sisältämien sosiaalisten-, teknisten- ja kontekstuaalisten indikaattoreiden määrät saatiin selvitettyä. Tutkimuksen tulokset osoittavat, että käyttäjäkontekstiin liittyvät tekijät voivat toimia merkittävinä kalasteluindikaattoreina. Tämä on kuitenkin vain alustava löydös, jota pitää tutkia lisää. Tutkimuksessa osoitettiin myös se, että kalastelusivuilla ilmenevä merkittävä trendi on se, että sivut ovat useimmiten täydellisiä tai lähes täydellisiä väärennöksiä aidoista verkkosivuista. Tämä voi johtaa siihen, että käyttäjillä voi olla vaikeuksia tunnistaa sivustot kalastelusivuiksi. Lopuksi, tämän tutkielman tulokset viittaavat siihen, että kalasteluhyökkäyksissä ilmenevät indikaattorit voivat vaihdella merkittävästi riippuen siitä, mitä hyökkäysvektoria hyökkäyksessä käytetään. The goal of this thesis was to analyze the contents of phishing communications and determine the features within those communications that can be recognized as indicators of phishing by the users that receive the communications. This thesis was heavily influenced by the largely established notion of users being the weak link of information security. It was because of this idea that the approach of this thesis was focused on the common users that are generally not deeply knowledgeable on information security matters. The focus on how common users evaluate the communications also led to the idea of developing an experimental framework for recognizing phishing communications as such by evaluating user context by analyzing contextual phishing indicators. The research was conducted by collecting a sample of different phishing communications that utilize various attack vectors. These communications were then analyzed by using the developed experimental framework to discover the rate of occurrence of different social, technical, and contextual indicators within each phishing communication. The results of the research suggest that factors related to user context can be highly significant phishing indicators. This is still merely a preliminary finding that demands more research. It was also shown that a prominent trend within phishing websites is that the websites are most often perfect or nearly perfect fabrications of legitimate websites, which can make it difficult for users to recognize them as phishing sites. Lastly, the results of this thesis indicate that the set of indicators found in each attack can vary depending on which attack vector is utilized in the attack.
first_indexed 2022-06-16T20:00:53Z
format Pro gradu
free_online_boolean 1
fullrecord [{"key": "dc.contributor.advisor", "value": "Vuorinen, Jukka", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Airaksinen, Miku", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2022-06-16T05:59:16Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2022-06-16T05:59:16Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2022", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/81773", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4m\u00e4n Pro Gradu -tutkielman tavoitteena oli analysoida kalasteluviestinn\u00e4n \nsis\u00e4lt\u00f6\u00e4 ja m\u00e4\u00e4ritell\u00e4 ne viestinn\u00e4n piirteet, jotka viestinn\u00e4n vastaanottava \nk\u00e4ytt\u00e4j\u00e4 pystyy tunnistamaan kalastelun indikaattoreiksi. T\u00e4t\u00e4 ty\u00f6t\u00e4 ohjasi \nlaajalti hyv\u00e4ksytty ajatus siit\u00e4, ett\u00e4 k\u00e4ytt\u00e4j\u00e4 on tietoturvallisuuden heikoin lenkki. \nT\u00e4m\u00e4n vuoksi ty\u00f6 keskittyikin tarkastelemaan viestint\u00e4\u00e4 nimenomaan sellaisten \ntavanomaisten k\u00e4ytt\u00e4jien n\u00e4k\u00f6kulmasta, jotka eiv\u00e4t ole erityisen perehtyneit\u00e4 \ntietoturvallisuuteen. T\u00e4m\u00e4 rajaus johti my\u00f6s siihen, ett\u00e4 ty\u00f6t\u00e4 varteen kehitettiin\nkokeellinen viitekehys, jonka avulla viestint\u00e4\u00e4 arvioitiin k\u00e4ytt\u00e4j\u00e4n kontekstin \nn\u00e4k\u00f6kulmasta tarkastelemalla viestinn\u00e4ss\u00e4 ilmenevi\u00e4 kontekstuaalisia \nkalastelun indikaattoreita.\n\nTutkimus toteutettiin ker\u00e4\u00e4m\u00e4ll\u00e4 otos erilaisista kalasteluhy\u00f6kk\u00e4yksist\u00e4 \njotka hy\u00f6dynt\u00e4v\u00e4t erilaisia hy\u00f6kk\u00e4ysvektoreita. N\u00e4it\u00e4 hy\u00f6kk\u00e4yksi\u00e4 analysoitiin \nty\u00f6t\u00e4 varten luodulla viitekehyksell\u00e4, jotta eri hy\u00f6kk\u00e4yksien sis\u00e4lt\u00e4mien \nsosiaalisten-, teknisten- ja kontekstuaalisten indikaattoreiden m\u00e4\u00e4r\u00e4t saatiin \nselvitetty\u00e4.\n\nTutkimuksen tulokset osoittavat, ett\u00e4 k\u00e4ytt\u00e4j\u00e4kontekstiin liittyv\u00e4t tekij\u00e4t \nvoivat toimia merkitt\u00e4vin\u00e4 kalasteluindikaattoreina. T\u00e4m\u00e4 on kuitenkin vain \nalustava l\u00f6yd\u00f6s, jota pit\u00e4\u00e4 tutkia lis\u00e4\u00e4. Tutkimuksessa osoitettiin my\u00f6s se, ett\u00e4 \nkalastelusivuilla ilmenev\u00e4 merkitt\u00e4v\u00e4 trendi on se, ett\u00e4 sivut ovat useimmiten \nt\u00e4ydellisi\u00e4 tai l\u00e4hes t\u00e4ydellisi\u00e4 v\u00e4\u00e4renn\u00f6ksi\u00e4 aidoista verkkosivuista. T\u00e4m\u00e4 voi \njohtaa siihen, ett\u00e4 k\u00e4ytt\u00e4jill\u00e4 voi olla vaikeuksia tunnistaa sivustot \nkalastelusivuiksi. Lopuksi, t\u00e4m\u00e4n tutkielman tulokset viittaavat siihen, ett\u00e4 \nkalasteluhy\u00f6kk\u00e4yksiss\u00e4 ilmenev\u00e4t indikaattorit voivat vaihdella merkitt\u00e4v\u00e4sti \nriippuen siit\u00e4, mit\u00e4 hy\u00f6kk\u00e4ysvektoria hy\u00f6kk\u00e4yksess\u00e4 k\u00e4ytet\u00e4\u00e4n.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The goal of this thesis was to analyze the contents of phishing communications \nand determine the features within those communications that can be recognized \nas indicators of phishing by the users that receive the communications. This thesis \nwas heavily influenced by the largely established notion of users being the \nweak link of information security. It was because of this idea that the approach \nof this thesis was focused on the common users that are generally not deeply \nknowledgeable on information security matters. The focus on how common users evaluate \nthe communications also led to the idea of developing an experimental framework for \nrecognizing phishing communications as such by evaluating user context by analyzing \ncontextual phishing indicators.\n\nThe research was conducted by collecting a sample of different phishing \ncommunications that utilize various attack vectors. These communications were \nthen analyzed by using the developed experimental framework to discover the \nrate of occurrence of different social, technical, and contextual indicators within \neach phishing communication.\n\nThe results of the research suggest that factors related to user context can \nbe highly significant phishing indicators. This is still merely a preliminary finding that \ndemands more research. It was also shown that a prominent trend within \nphishing websites is that the websites are most often perfect or nearly perfect \nfabrications of legitimate websites, which can make it difficult for users to recognize \nthem as phishing sites. Lastly, the results of this thesis indicate that the set \nof indicators found in each attack can vary depending on which attack vector is \nutilized in the attack.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Miia Hakanen (mihakane@jyu.fi) on 2022-06-16T05:59:16Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2022-06-16T05:59:16Z (GMT). No. of bitstreams: 0\n Previous issue date: 2022", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "68", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "Social Engineering", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "Information Security", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "The State of Phishing : An Analysis on The Indicators of Phishing Attacks", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202206163382", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "indikaattorit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "konteksti", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "verkkourkinta", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "k\u00e4ytt\u00e4j\u00e4t", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "huijaus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "verkkohy\u00f6kk\u00e4ykset", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "indicators", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "context", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "phishing", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "users", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "scam", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber attacks", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
id jyx.123456789_81773
language eng
last_indexed 2025-02-18T10:54:27Z
main_date 2022-01-01T00:00:00Z
main_date_str 2022
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/b4de3111-d326-4cc7-b9ae-79f1cd55f89e\/download","text":"URN:NBN:fi:jyu-202206163382.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2022
record_format qdc
source_str_mv jyx
spellingShingle Airaksinen, Miku The State of Phishing : An Analysis on The Indicators of Phishing Attacks Social Engineering Information Security Kyberturvallisuus 601 indikaattorit konteksti verkkourkinta käyttäjät huijaus kyberturvallisuus verkkohyökkäykset indicators context phishing users scam cyber security cyber attacks
title The State of Phishing : An Analysis on The Indicators of Phishing Attacks
title_full The State of Phishing : An Analysis on The Indicators of Phishing Attacks
title_fullStr The State of Phishing : An Analysis on The Indicators of Phishing Attacks The State of Phishing : An Analysis on The Indicators of Phishing Attacks
title_full_unstemmed The State of Phishing : An Analysis on The Indicators of Phishing Attacks The State of Phishing : An Analysis on The Indicators of Phishing Attacks
title_short The State of Phishing
title_sort state of phishing an analysis on the indicators of phishing attacks
title_sub An Analysis on The Indicators of Phishing Attacks
title_txtP The State of Phishing : An Analysis on The Indicators of Phishing Attacks
topic Social Engineering Information Security Kyberturvallisuus 601 indikaattorit konteksti verkkourkinta käyttäjät huijaus kyberturvallisuus verkkohyökkäykset indicators context phishing users scam cyber security cyber attacks
topic_facet 601 Information Security Kyberturvallisuus Social Engineering context cyber attacks cyber security huijaus indicators indikaattorit konteksti kyberturvallisuus käyttäjät phishing scam users verkkohyökkäykset verkkourkinta
url https://jyx.jyu.fi/handle/123456789/81773 http://www.urn.fi/URN:NBN:fi:jyu-202206163382
work_keys_str_mv AT airaksinenmiku stateofphishingananalysisontheindicatorsofphishingattacks AT airaksinenmiku thestateofphishingananalysisontheindicatorsofphishingattacks