“Scaling and Effectiveness of Email Masquerade Attacks: Exploiting Natural Language Generation” by Shahryar Baki, Rakesh Verma, Arjun Mukherjee, and Omprakash Gnawali. In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS 2017), Apr. 2017.
We focus on email-based attacks, a rich field with well-publicized consequences. We show how current Natural Language Generation (NLG) technology allows an attacker to generate masquerade attacks on scale, and study their effectiveness with a within-subjects study. We also gather insights on what parts of an email do users focus on and how users identify attacks in this realm, by planting signals and also by asking them for their reasoning. We find that: (i) 17% of participants could not identify any of the signals that were inserted in emails, and (ii) Participants were unable to perform better than random guessing on these attacks. The insights gathered and the tools and techniques employed could help defenders in: (i) implementing new, customized anti-phishing solutions for Internet users including training next-generation email filters that go beyond vanilla spam filters and capable of addressing masquerade, (ii) more effectively training and upgrading the skills of email users, and (iii) understanding the dynamics of this novel attack and its ability of tricking humans.
BibTeX entry:
@inproceedings{phishing-asiaccs2017,
author = {Shahryar Baki and Rakesh Verma and Arjun Mukherjee and
Omprakash Gnawali},
title = {{Scaling and Effectiveness of Email Masquerade Attacks:
Exploiting Natural Language Generation}},
booktitle = {Proceedings of the ACM Asia Conference on Computer and
Communications Security (ASIACCS 2017)},
month = apr,
year = {2017}
}