Generating Phishing Emails Using Graph Database

Maleki, Nasim; Ghorbani, Ali A.

doi:10.1007/978-3-030-34339-2_25

Generating Phishing Emails Using Graph Database

Nasim Maleki¹⁰ &
Ali A. Ghorbani¹⁰

Conference paper
First Online: 06 November 2019

1049 Accesses
2 Citations

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11879))

Abstract

We need Phishing Awareness Tools to train employees because existing anti-phishing filters are not 100% capable of detecting phishing attacks, especially zero-day attacks. Current awareness tools can make phishing campaigns targeting the employees, but they contain an only limited number of predefined email templates. In this work, we designed a framework and built a tool generating new phishing emails automatically from a graph database perspective. Then, we conducted a three-round experiment. We sent the automatically-generated emails to some uninformed members of our community. On average, 72.85% of victims opened the emails, the click-through rate was 54.05% among who opened the emails, and all recipients who completed the survey stated that the content of emails was meaningful. In this experiment, we also showed which parts of the email are more luring and what the result might be if emails are carefully-crafted or from a person of authority.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

1.
https://emkei.cz/.
2.
https://www.smtp2go.com/.

References

apwg: Apwg report. https://www.antiphishing.org/resources/apwg-reports/. Accessed 01 April 2019
APWG: Apwg report q4 (2017). https://docs.apwg.org//reports/apwg_trends_report_q4_2017.pdf. Accessed 01 April 2019
Beta, S.: Spearphisher beta. https://www.trustedsec.com/2013/09/introducing-spearphisher-simple-phishing-email-generation-tool/. Accessed 01 April 2019
Dodge Jr., R.C., Carver, C., Ferguson, A.J.: Phishing for user security awareness. Comput. Secur. 26(1), 73–80 (2007)
Article Google Scholar
Downs, J.S., Holbrook, M.B., Cranor, L.F.: Decision strategies and susceptibility to phishing. In: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 79–90. ACM (2006)
Google Scholar
Ferreira, A., Teles, S.: Persuasion: how phishing emails can influence users and bypass security measures. Int. J. Hum Comput Stud. 125, 19–31 (2019)
Article Google Scholar
Gophish: Gophish. https://getgophish.com/. Accessed 01 April 2019
kingphisher: Knuth: computers and typesetting. https://king-phisher.readthdocs.io/en/latest/. Accessed 01 April 2019
LUCY: Lucy. https://www.lucysecurity.com/en/. Accessed 01 April 2019
neo4j: Why graph databases? https://neo4j.com/why-graph-databases/. Accessed 01 April 2019
Palka, S., McCoy, D.: Dynamic phishing content using generative grammars. In: 2015 IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW), pp. 1–8. IEEE (2015)
Google Scholar
Palka, S., McCoy, D.: Fuzzing e-mail filters with generative grammars and n-gram analysis. In: WOOT (2015)
Google Scholar
phishingfrenzy: phishingfrenzy. https://www.phishingfrenzy.com/. Accessed 01 April 2019
RFC: Rfc1036. https://tools.ietf.org/html/rfc1036. Accessed 01 April 2019
RFC: Rfc822. https://tools.ietf.org/html/rfc822. Accessed 01 April 2019
SecurityIQ: Securityiq phishsim. https://www.infosecinstitute.com/securityiq/phishing/. Accessed 01 April 2019
(SET), S.E.T.: Social-engineer toolkit (set). https://www.trustedsec.com/2013/09/introducing-spearphisher-simple-phishing-email-generation-tool/. Accessed 01 April 2019
SPF: Speedphish framework (spf). https://github.com/tatanus/SPF. Accessed 01 April 2019
Vicknair, C., Macias, M., Zhao, Z., Nan, X., Chen, Y., Wilkins, D.: A comparison of a graph database and a relational database: a data provenance perspective. In: Proceedings of the 48th Annual Southeast Regional Conference, p. 42. ACM (2010)
Google Scholar

Download references

Acknowledgement

The authors generously acknowledge the funding from the Atlantic Canada Opportunity Agency (ACOA) through the Atlantic Innovation Fund (AIF) and through grant from the National Science and Engineering Research Council of Canada (NSERC) to Dr. Ghorbani.

Author information

Authors and Affiliations

Canadian Institute for Cybersecurity, Faculty of Computer Science, University of New Brunswick, 46 Dineen Drive, Fredericton, NB, Canada
Nasim Maleki & Ali A. Ghorbani

Authors

Nasim Maleki
View author publications
You can also search for this author in PubMed Google Scholar
Ali A. Ghorbani
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nasim Maleki .

Editor information

Editors and Affiliations

Multimedia University, Malacca, Malaysia
Swee-Huay Heng
University of Malaga, Malaga, Spain
Javier Lopez

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Maleki, N., Ghorbani, A.A. (2019). Generating Phishing Emails Using Graph Database. In: Heng, SH., Lopez, J. (eds) Information Security Practice and Experience. ISPEC 2019. Lecture Notes in Computer Science(), vol 11879. Springer, Cham. https://doi.org/10.1007/978-3-030-34339-2_25

Download citation

DOI: https://doi.org/10.1007/978-3-030-34339-2_25
Published: 06 November 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34338-5
Online ISBN: 978-3-030-34339-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics