Spear phishing is an email or electronic communications scam which aims to target an organization or a specific individual to steal their private data for wrong purposes often. The cybercriminals achieve their targets by installing the malware on the target machines through the internet; they often deceive the targets by looking like a trustworthy source and transmit a bogus code to the computers. The double attack email to deceive people by sharing their perceptive information; These types of attacks lead to huge losses of important data and sensitive information. The phishing attack easily misleads the security measures of an organization through double attack email. There are three major phases of phishing: fake phishing emails, setting up fake websites and fabricating stolen information (Sharma, 2014).
Many attackers and cybercriminals in these attacks are sponsored by the government who have an objective to resell the information obtained illegal or stolen from the target computers. It is difficult to detect the phishing emails and save the sensitive information from falling into wrong hands. The employers of today need awareness of these threats with education and technology. Which is creating an adverse effect on the government and private organizations data. Various classification of spear phishing attacks that includes lure and exploit payload. However, to make the data safe, there are various security systems such as threat model, impersonation model, etc. (Ho et al., 2014).
Spear phishing is one of the social engineering attacks that cause dangerous effects to company’s sensitive data. Organization’s data is much more important to them and to secure that data is their core responsibility. The analysis of credential of spear phishing is important for enterprise setting to alert the security models to avoid huge data loss. However, organizations need a model that could effectively prevent the attack (Ho et al., 2014).
1. What are the approaches to detect credential spear phishing attacks?
2. What is the taxonomy for spear phishing attacks?
3. Which security system could address safer mode to company’s data?
4. What are the features and technology in the proposed security system?
Significance and methods for the Research:
This thesis will introduce a novel system, which can identify phishing emails using its algorithm. The proposed system would be able to identify phishing emails using a big data intelligence mechanism. The system will identify phishing emails using the patterns and behaviors. The proposed system will work as a filter for all the emails of an organization. A specially crafted algorithm will use to identify the phishing emails through its behavior. Further front end of the system will be implemented to control the email flow by a system administrator. The administrator can blacklist or whitelist special domains if the system identifies false positive incidents. The goal of this research is to develop a platform, which can efficiently identify the phishing emails. (Frank, 2017)
More Read: Visual effects courses in Mumbai
The thesis will rely on qualitative, which will be done through the collection of literature review from past authentic research papers. However, the research strategy, philosophy, and approach will be analyzed through research onion by Saunders.
The LBNL’s detection data is presented in the following table which contains the real-time detection results for phishing emails from Sept 1, 2013, to June 14, 2017.
Alert Classification Name spoofer Previously unseen attacker Lateral attacker Total Count
Spearfish: known 2 2 2 6/7
+ successful attack
Spearphish: 1 1 0 2/2
+ successful attack
Spearphish: failed attack 3 6 0 9/10
Total Spearphish Detected 6 9 2 17/19
The limitation of LBNL NDS was that Dropbox allowed users to host the static HTML pages which were not visible to the organization and is a limitation of the detector. The following table shows the results of the detection by using the algorithm. (Ho, 2014)
Groom, Frank M, Kevin M Groom, and Stephan Jones. Network And Data Security For Non-Engineers. Boca Raton: CRC Press, Taylor & Francis Group, an Informa Business, 2017. Print.
Jakobsson, Markus, and Steven Myers. Phishing And Countermeasures. Hoboken, N.J: Wiley-Interscience, 2007. Print.
“Phishing Security Test | Knowbe4.” Knowbe4.com. N.p., 2017. Web. 21 Oct. 2017.
Sharma, Ashish, and Grant Ho. Detecting Credential Spearphising Attacks In Enterprise Settings. 1st ed. 2014. Print.
Sood, Aditya K, and Richard J Enbody. Targeted Cyber Attacks. Waltham, MA: Syngress, 2014. Print.