Abstract
Online advertisements delivered via social media platforms function in a similar way to phishing emails. In recent years there has been a growing awareness that political advertisements are being microtargeted and tailored to specific demographics, which is analogous to many social engineering attacks. This has led to calls for total bans on this kind of focused political advertising. Additionally, there is evidence that phishing may be entering a more developed phase using software known as Phishing as a Service to collect information on phishing or social engineering, potentially facilitating microphishing campaigns. To help understand such campaigns, a set of well-defined metrics can be borrowed from the field of digital marketing, providing novel insights which inform phishing email analysis. Our work examines in what ways digital marketing is analogous to phishing and how digital marketing metric techniques can be used to complement existing phishing email analysis. We analyse phishing email datasets collected by the University of Houston in comparison with Corporate junk email and microtargeting Facebook Ad Library datasets, thus comparing these approaches and their results using Weka, URL mismatch and visual metrics analysis. Our evaluation of the results demonstrates that phishing emails can be joined up in unexpected ways which are not revealed using traditional phishing filters. However such microphishing may have the potential to gather, store and analyse social engineering information to be used against a target at a later date in a similar way to microtargeting.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Cosentino, G.: The post-truth world order. Social Media and the Post-Truth World Order, pp. 1–31. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-43005-4_1
Cadwalladr, C., Graham-Harrison, E.: Revealed: 50 million Facebook profiles harvested for Cambridge analytica in major data breach. Guardian 17, 22 (2018)
Gordon, B.R., Zettelmeyer, F., Bhargava, N., Chapsky, D.: A comparison of approaches to advertising measurement: evidence from big field experiments at Facebook. Market. Sci. 38(2), 193–225 (2019)
Goldman, M., Rao, J.: Experiments as instruments: heterogeneous position effects in sponsored search auctions. EAI Endorsed Trans. Ser. Games 3(11), e2 (2016)
Park, G., Taylor, J.M.: Poster: Syntactic element similarity for phishing detection (2015)
Kandias, M., Stavrou, V., Bozovic, N., Mitrou, L., Gritzalis, D.: Can we trust this user? predicting insider’s attitude via Youtube usage profiling. In: IEEE 10th International Conference on Ubiquitous Intelligence and Computing and 2013 IEEE 10th International Conference on Autonomic and Trusted Computing, pp. 347–354. IEEE (2013)
Kintis, P., et al.: Hiding in plain sight: a longitudinal study of combosquatting abuse. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 569–586. ACM (2017)
Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: The WEKA data mining software: an update. ACM SIGKDD Explor. Newsl. 11(1), 10–18 (2009)
Silva, M., de Oliveira, L.S., Andreou, A., de Melo, P.O.V., Goga, O., Benevenuto, F.: Facebook ads monitor: an independent auditing system for political ads on Facebook. arXiv preprint arXiv:2001.10581 (2020)
Egozi, G., Verma, R.: Phishing email detection using robust NLP techniques. In: IEEE International Conference on Data Mining Workshops (ICDMW), pp. 7–12. IEEE (2018)
McDowell, M.: Avoiding social engineering and phishing attacks (2004). http://www.us-cert.gov/cas/tips/ST04-014.html
Symantec, I.: Internet security threat report. Broadcom (2019)
Krombholz, K., Hobel, H., Huber, M., Weippl, E.: Advanced social engineering attacks. J. Inf. Secur. Appl. 22, 113–122 (2015)
Das, A., Baki, S., El Aassal, A., Verma, R., Dunbar, A.: SOK: a comprehensive reexamination of phishing research from the security perspective. IEEE Commun. Surv. Tutor. 22(1), 671–708 (2019)
Meijdam, K.: Phishing as a service: designing an ethical way of mimicking targeted phishing attacks to train employees (2015)
Wenyin, L., Huang, G., Xiaoyue, L., Min, Z., Deng, X.: Detection of phishing webpages based on visual similarity. In: Special Interest Tracks and Posters of the 14th International Conference on World Wide Web, pp. 1060–1061 (2005)
Vanderdoncktf, J., Ouedraogo, M.: A comparison of placement strategies for effective visual design. People Comput. IX, 125 (1994)
An, D.: Advertising visuals in global brands’ local websites: a six-country comparison. Int. J. Advert. 26(3), 303–332 (2007)
Myers, G.: Words in Ads. Edward Arnold, London (1994)
Stieglitz, S., Dang-Xuan, L.: Emotions and information diffusion in social media–sentiment of microblogs and sharing behavior. J. Manage. Inf. Syst. 29(4), 217–248 (2013)
Halevi, T., Lewis, J., Memon, N.: Phishing, personality traits and Facebook. arXiv preprint arXiv:1301.7643 (2013)
Kim, T., Barasz, K., John, L.K.: Why am i seeing this ad? The effect of ad transparency on ad effectiveness. J. Consum. Res. 45(5), 906–932 (2019)
Djamasbi, S., Siegel, M., Skorinko, J., Tullis, T.: Online viewing and aesthetic preferences of generation Y and the baby boom generation: testing user web site experience through eye tracking. Int. J. Electron. Commer. 15(4), 121–158 (2011)
Mao, J., Li, P., Li, K., Wei, T., Liang, Z.: BaitAlarm: detecting phishing sites using similarity in fundamental visual features. In: 5th International Conference on Intelligent Networking and Collaborative Systems, pp. 790–795. IEEE (2013)
Medvet, E., Kirda, E., Kruegel, C.: Visual-similarity-based phishing detection. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, pp. 1–6 (2008)
Fu, A.Y., Wenyin, L., Deng, X.: Detecting phishing web pages with visual similarity assessment based on earth mover’s distance (EMD). IEEE Trans. Dependable Secure Comput. 3(4), 301–311 (2006)
Fette, I., Sadeh, N., Tomasic, A.: Learning to detect phishing emails. In: Proceedings of the 16th International Conference on World Wide Web, pp. 649–656 (2007)
Rzemieniak, M.: Measuring the effectiveness of online advertising campaigns in the aspect of e-entrepreneurship. Procedia Comput. Sci. 65, 980–987 (2015)
Bruce, N.I., Murthi, B., Rao, R.C.: A dynamic model for digital advertising: the effects of creative format, message content, and targeting on engagement. J. Market. Res. 54(2), 202–218 (2017)
Johnson, G.A., Lewis, R.A., Nubbemeyer, E.I.: Ghost ads: improving the economics of measuring online ad effectiveness. J. Market. Res. 54(6), 867–884 (2017)
You, Q., Luo, J., Jin, H., Yang, J.: Robust image sentiment analysis using progressively trained and domain transferred deep networks. In: Twenty-Ninth AAAI Conference on Artificial Intelligence (2015)
Shi, L., Wang, Q., Ma, X., Weng, M., Qiao, H.: Spam email classification using decision tree ensemble. J. Comput. Inf. Syst. 8(3), 949–956 (2012)
Li, W., Meng, W., Tan, Z., Xiang, Y.: Design of multi-view based email classification for IoT systems via semi-supervised learning. J. Netw. Comput. Appl. 128, 56–63 (2019)
Schroeder, W.: Testing web sites with eyetracking. Eye for design (1998)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Khursheed, B., Pitropakis, N., McKeown, S., Lambrinoudakis, C. (2020). Microtargeting or Microphishing? Phishing Unveiled. In: Gritzalis, S., Weippl, E.R., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2020. Lecture Notes in Computer Science(), vol 12395. Springer, Cham. https://doi.org/10.1007/978-3-030-58986-8_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-58986-8_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58985-1
Online ISBN: 978-3-030-58986-8
eBook Packages: Computer ScienceComputer Science (R0)