Abstract
We argue that as email attacks continue to increase in sophistication, error rates and filter processing times are both likely to increase. We address the problem at its root by introducing the notion of open quarantine, an approach that avoids tradeoffs between filtering precision and delivery delays. This is achieved using a multi-phase filtering approach, combined with the neutralization of messages with undetermined security posture.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Note, however, that the confirmation request would not be sent to a potential reply-to address.
- 2.
This does not mean a character-by-character equivalence, but rather, a match according to one of the common user name conventions.
- 3.
This corresponds to typical enterprise, government and university accounts, for example, but not to typical webmail accounts or domains that may have been created by a potential attacker.
References
Alperovitch, D.: Bears in the midst: intrusion into the Democratic National Committee. CrowdStrike Blog, 15 June 2016
Anderson, N.: Massive DDoS attacks target Estonia; Russia accused. Arstechnica, 14 May 2007
Barrett, D., Yadron, D., Paletta, D.: U.S. suspects hackers in china breached about four (4) million people’s records, official say. Wall Street J., 5 June 2015
Bird, C., Gourley, A., Devanbu, P., Gertz, M., Swaminathan, A.: Mining email social networks. In: Proceedings of the 2006 International Workshop on Mining Software Repositories, MSR 2006, pp. 137–143. ACM, New York (2006)
E-ISAC and SANS. Analysis of the Cyber Attack on the Ukrainian Power Grid Defense, 18 March 2016
Franceshi-Bicchierai, L.: How hackers broke into John Podesta and Colin Powell’s Gmail accounts. Motherboard, 20 October 2016
Hadnagy, C.: Social Engineering: The Art of Human Hacking. Wiley, Indianapolis (2010). ISBN-13: 978–0470639535
Irani, D., Balduzzi, M., Balzarotti, D., Kirda, E., Pu, C.: Reverse social engineering attacks in online social networks. In: Holz, T., Bos, H. (eds.) DIMVA 2011. LNCS, vol. 6739, pp. 55–74. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22424-9_4
Jagatic, T.N., Johnson, N.A., Jakobsson, M., Menczer, F.: Social phishing. Commun. ACM 50(10), 94–100 (2007)
Jakobsson, M.: Understanding Social Engineering Based Scams. Springer, New York (2016). ISBN 978-1-4939-6457-4
Jakobsson, M.: User trust assessment: a new approach to combat deception. In: STAST (2016)
Jakobsson, M.: Addressing sophisticated email attacks. In: Proceedings of Financial Cryptography (2017). Full version of paper at http://www.markus-jakobsson.com/publications
Jakobsson, M., Leddy, W.: Fighting today’s targeted email scams. IEEE Spectr., April 2016
Kushner, D.: The real story of Stuxnet-How Kaspersky Lab tracked down the malware that stymied Iran’s nuclear-fuel enrichment program. IEEE Spectr., 26 February 2013
Manly, L., Salvador, M., Maglalang, A.: From RAR to JavaScript: ransomware figures in the fluctuations of email attachments. Trendmicro blog, 22 September 2016
Olivarez-Giles, N.: To fight trolls, periscope puts users in flash juries. Wall Street J., 31 May 2016
Shevchenko, S.: Two Bytes To $951M, BAE Systems Threat Research Blog, 25 April 2016
Snider, M., Weise, E.: 500 Million Yahoo accounts breached. USA Today, 22 September 2016
Turton, W.: YahooMail is so bad that congress just banned it. Gizmodo, 10 May 2016
Zwicky, E., Martin, F., Lear, E., Draegen, T., Andersen, K.: Interoperability issues between DMARC and indirect email flows. Internet-Draft draft-ietf-dmarc-interoperability-18, Internet Engineering Task Force, September 2016. Work in Progress
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 International Financial Cryptography Association
About this paper
Cite this paper
Jakobsson, M. (2017). Short Paper: Addressing Sophisticated Email Attacks. In: Kiayias, A. (eds) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science(), vol 10322. Springer, Cham. https://doi.org/10.1007/978-3-319-70972-7_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-70972-7_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70971-0
Online ISBN: 978-3-319-70972-7
eBook Packages: Computer ScienceComputer Science (R0)