Mitigating phishing threats

  • Yunjia Wang

Student thesis: Doctoral Thesis (PhD)

Abstract

Due to the rapid development of the Internet, modern daily behaviour has become more efficient and convenient. The Internet has become an indispensable element in our daily life, providing significant resources to people whether for play, work or education. In addition, with the increased universality of mobile devices, a magnitude of services is at our fingertips, the efficiency of our life or work has improved. However, the negative side of this is the increase in cybercrimes, with large losses for both individuals and enterprises. Phishing is currently defined as a criminal mechanism employing both social engineering and technical subterfuge to gather any useful information such as user personal data or financial account credentials. Phishing threats have been in existence for many years, since the establishment of the Internet, and they have continuously evolved and increased in application. So far, phishing attacks have accounted for a large proportion of all malicious attacks, and they are a globally growing threat with an increasing frequency of known attacks. Phishing attacks are a major current cyber threat as they are always cheap to produce and
easy to deploy, in particular, due to the development of E-commerce, either to an individual user or organization. For the individual, sensitive credentials are always of interest to phishers due to the development of E-commerce. For an enterprise, a successful phishing attack, such as a subdomain takeover attack, may affect their organization’s reputation as well as cause financial loss. Currently, most security vendors have been using different approaches to prevent phishing attacks. However, these solutions cannot keep up with the constant updating of phishing websites. In this thesis, web phishing attack types are classified into three different categories, from the shallower to the deeper. They are General Phishing Attack, Advanced Phishing Attack and Subdomain Takeover Attacks. The purpose of this thesis is to present an effective mitigation to defend against these phishing threats. From the shallower approach to a deeper, more complex approach, according to our defined categories of phishing threats, the specific
mitigations and contributions are presented.
Date of Award14 Jun 2023
Original languageEnglish
Awarding Institution
  • University of St Andrews
SupervisorIshbel Mary Macdonald Duncan (Supervisor)

Access Status

  • Full text open

Cite this

'