Adam Doupé

Since the dawn of the web miscreants have used this new communication medium to defraud unsuspecting users. The most common of these attacks is phishing: creating a fake login form to steal username/passwords for high-value targets such as email, social networking, or financial services. This seemingly low-skill attack still, to this day, is responsible for vast amounts of fraud and harm.

In this talk, I will cover the history of the cat-and-mouse game of phishing, touching on why, after more than a decade of research, phishing attacks are still the most common ways that end-users are directly victimized and attacked. We will discuss the advanced nature of server-side cloaking employed by phishers, as well as the PhishFarm framework which allows us to empirically measure the effect of cloaking techniques on browser-based blocking. Then, we will discuss the first end-to-end measurement of a phishing timeline: from a phishing website being deployed to credentials being used fraudulently. Finally, we'll discuss how phishers have adapted to the COVID-19 pandemic and the next generation of sophisticated phishing attacks.

View More Papers

Can You Tell Me the Time? Security Implications of...

Vik Vanderlinden, Wouter Joosen, Mathy Vanhoef (imec-DistriNet, KU Leuven)

Read More

Demo #5: Securing Heavy Vehicle Diagnostics

Jeremy Daily, David Nnaji, and Ben Ettlinger (Colorado State University)

Read More

Low-risk Privacy-preserving Electric Vehicle Charging with Payments

Andreas Unterweger, Fabian Knirsch, Clemens Brunner and Dominik Engel (Center for Secure Energy Informatics, Salzburg University of Applied Sciences, Puch bei Hallein, Austria)

Read More

Why do Internet Devices Remain Vulnerable? A Survey with...

Tamara Bondar, Hala Assal, AbdelRahman Abdou (Carleton University)

Read More