TY - GEN
T1 - What happens after you leak your password
T2 - 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019
AU - Peng, Peng
AU - Xu, Chao
AU - Quinn, Luke
AU - Hu, Hang
AU - Viswanath, Bimal
AU - Wang, Gang
N1 - Funding Information:
We would like to thank the anonymous reviewers for their helpful feedback. This project was supported in part by NSF grants CNS-1750101 and CNS-1717028, and Google Research. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of any funding agencies.
Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/7/2
Y1 - 2019/7/2
N2 - Phishing has been a big concern due to its active roles in recent data breaches and state-sponsored attacks. While existing works have extensively analyzed phishing websites and their operations, there is still a limited understanding of the information sharing flows throughout the end-to-end phishing process. In this paper, we perform an empirical measurement on the transmission and sharing of stolen login credentials. Over 5 months, our measurement covers more than 179,000 phishing URLs (47,000 live phishing sites). First, we build a measurement tool to feed fake credentials to live phishing sites. The goal is to monitor how the credential information is shared with the phishing server and potentially third-party collectors on the client side. Second, we obtain phishing kits from a subset of phishing sites to analyze how credentials are sent to attackers and third-parties on the server side. Third, we set up honey accounts to monitor the post-phishing exploitation activities from attackers. Our study reveals the key mechanisms for information sharing during phishing, particularly with third-parties. We also discuss the implications of our results for phishing defenses.
KW - Honey Account
KW - Measurement
KW - Phishing
UR - http://www.scopus.com/inward/record.url?scp=85069973650&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85069973650&partnerID=8YFLogxK
U2 - 10.1145/3321705.3329818
DO - 10.1145/3321705.3329818
M3 - Conference contribution
AN - SCOPUS:85069973650
T3 - AsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
SP - 181
EP - 192
BT - AsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 9 July 2019 through 12 July 2019
ER -