What happens after you leak your password: Understanding credential sharing on phishing sites

Peng Peng, Chao Xu, Luke Quinn, Hang Hu, Bimal Viswanath, Gang Wang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Phishing has been a big concern due to its active roles in recent data breaches and state-sponsored attacks. While existing works have extensively analyzed phishing websites and their operations, there is still a limited understanding of the information sharing flows throughout the end-to-end phishing process. In this paper, we perform an empirical measurement on the transmission and sharing of stolen login credentials. Over 5 months, our measurement covers more than 179,000 phishing URLs (47,000 live phishing sites). First, we build a measurement tool to feed fake credentials to live phishing sites. The goal is to monitor how the credential information is shared with the phishing server and potentially third-party collectors on the client side. Second, we obtain phishing kits from a subset of phishing sites to analyze how credentials are sent to attackers and third-parties on the server side. Third, we set up honey accounts to monitor the post-phishing exploitation activities from attackers. Our study reveals the key mechanisms for information sharing during phishing, particularly with third-parties. We also discuss the implications of our results for phishing defenses.

Original languageEnglish (US)
Title of host publicationAsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages181-192
Number of pages12
ISBN (Electronic)9781450367523
DOIs
StatePublished - Jul 2 2019
Externally publishedYes
Event2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019 - Auckland, New Zealand
Duration: Jul 9 2019Jul 12 2019

Publication series

NameAsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Conference

Conference2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019
CountryNew Zealand
CityAuckland
Period7/9/197/12/19

Keywords

  • Honey Account
  • Measurement
  • Phishing

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Computer Science Applications

Fingerprint Dive into the research topics of 'What happens after you leak your password: Understanding credential sharing on phishing sites'. Together they form a unique fingerprint.

Cite this