Abstract
We need Phishing Awareness Tools to train employees because existing anti-phishing filters are not 100% capable of detecting phishing attacks, especially zero-day attacks. Current awareness tools can make phishing campaigns targeting the employees, but they contain an only limited number of predefined email templates. In this work, we designed a framework and built a tool generating new phishing emails automatically from a graph database perspective. Then, we conducted a three-round experiment. We sent the automatically-generated emails to some uninformed members of our community. On average, 72.85% of victims opened the emails, the click-through rate was 54.05% among who opened the emails, and all recipients who completed the survey stated that the content of emails was meaningful. In this experiment, we also showed which parts of the email are more luring and what the result might be if emails are carefully-crafted or from a person of authority.
Keywords
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
apwg: Apwg report. https://www.antiphishing.org/resources/apwg-reports/. Accessed 01 April 2019
APWG: Apwg report q4 (2017). https://docs.apwg.org//reports/apwg_trends_report_q4_2017.pdf. Accessed 01 April 2019
Beta, S.: Spearphisher beta. https://www.trustedsec.com/2013/09/introducing-spearphisher-simple-phishing-email-generation-tool/. Accessed 01 April 2019
Dodge Jr., R.C., Carver, C., Ferguson, A.J.: Phishing for user security awareness. Comput. Secur. 26(1), 73–80 (2007)
Downs, J.S., Holbrook, M.B., Cranor, L.F.: Decision strategies and susceptibility to phishing. In: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 79–90. ACM (2006)
Ferreira, A., Teles, S.: Persuasion: how phishing emails can influence users and bypass security measures. Int. J. Hum Comput Stud. 125, 19–31 (2019)
Gophish: Gophish. https://getgophish.com/. Accessed 01 April 2019
kingphisher: Knuth: computers and typesetting. https://king-phisher.readthdocs.io/en/latest/. Accessed 01 April 2019
LUCY: Lucy. https://www.lucysecurity.com/en/. Accessed 01 April 2019
neo4j: Why graph databases? https://neo4j.com/why-graph-databases/. Accessed 01 April 2019
Palka, S., McCoy, D.: Dynamic phishing content using generative grammars. In: 2015 IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW), pp. 1–8. IEEE (2015)
Palka, S., McCoy, D.: Fuzzing e-mail filters with generative grammars and n-gram analysis. In: WOOT (2015)
phishingfrenzy: phishingfrenzy. https://www.phishingfrenzy.com/. Accessed 01 April 2019
RFC: Rfc1036. https://tools.ietf.org/html/rfc1036. Accessed 01 April 2019
RFC: Rfc822. https://tools.ietf.org/html/rfc822. Accessed 01 April 2019
SecurityIQ: Securityiq phishsim. https://www.infosecinstitute.com/securityiq/phishing/. Accessed 01 April 2019
(SET), S.E.T.: Social-engineer toolkit (set). https://www.trustedsec.com/2013/09/introducing-spearphisher-simple-phishing-email-generation-tool/. Accessed 01 April 2019
SPF: Speedphish framework (spf). https://github.com/tatanus/SPF. Accessed 01 April 2019
Vicknair, C., Macias, M., Zhao, Z., Nan, X., Chen, Y., Wilkins, D.: A comparison of a graph database and a relational database: a data provenance perspective. In: Proceedings of the 48th Annual Southeast Regional Conference, p. 42. ACM (2010)
Acknowledgement
The authors generously acknowledge the funding from the Atlantic Canada Opportunity Agency (ACOA) through the Atlantic Innovation Fund (AIF) and through grant from the National Science and Engineering Research Council of Canada (NSERC) to Dr. Ghorbani.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Maleki, N., Ghorbani, A.A. (2019). Generating Phishing Emails Using Graph Database. In: Heng, SH., Lopez, J. (eds) Information Security Practice and Experience. ISPEC 2019. Lecture Notes in Computer Science(), vol 11879. Springer, Cham. https://doi.org/10.1007/978-3-030-34339-2_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-34339-2_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34338-5
Online ISBN: 978-3-030-34339-2
eBook Packages: Computer ScienceComputer Science (R0)