Files and links (1)
Published, Version of Record (VoR)Open Access via Drexel Libraries Read and Publish Program 2024CC BY V4.0, Open
Conference proceeding
From Victims to Defenders: An Exploration of the Phishing Attack Reporting Ecosystem
Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses, pp 49-64
30 Sep 2024
Featured in Collection : Research Supported by Drexel Libraries' OA Programs
Abstract
Reporting phishing attacks can significantly shorten the time required to take down their operations and deter further victimization by the same phishing websites. However, little research has been conducted to understand the phishing reporting ecosystem and its effectiveness. In this paper, we comprehensively evaluate the phishing reporting ecosystem to identify the critical challenges people face and their concerns when reporting smishing, vishing, and phishing email attacks. First, we analyze the existing security advice and channels for reporting phishing attacks in both the public and private sectors. Then, we conduct a scenario-based experiment involving 89 participants to investigate what factors affect a participant’s decision to report a phishing attack and what challenges they face in preparing the report. Third, we report phishing attacks ourselves and monitor the status of the reported phishing websites to empirically measure how reports are acted upon and how that affects the reported phishing websites. Finally, we propose approaches under five major concern categories to mitigate the challenges that we discover in the phishing reporting ecosystem.
Metrics
22 Record Views
Details
- Title
- From Victims to Defenders: An Exploration of the Phishing Attack Reporting Ecosystem
- Creators
- Zhibo Sun (Corresponding Author) - Drexel UniversityFaris Bugra Kokulu - Arizona State UniversityPenghui Zhang - Arizona State UniversityAdam Oest - Arizona State UniversityGianluca Stringhini - Boston UniversityTiffany Bao - Arizona State UniversityRuoyu Wang - Arizona State UniversityYan Shoshitaishvili - Arizona State UniversityAdam Doupé - Arizona State UniversityGail-Joon Ahn - Arizona State University
- Contributors
- Eleonora Losiouk (Editor)Alessandro Brighente (Editor)Mauro Conti (Editor)Yousra Aafer (Editor)Yanick Fratantonio (Editor)
- Publication Details
- Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses, pp 49-64
- Conference
- RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses
- Series
- ACM Other Conferences
- Publisher
- Association for Computing Machinery
- Number of pages
- 16
- Grant note
- National Science Foundation: CNS-1942610, CNS-2127232, CNS-2346845, CNS-2419829, CICI-2232911, DGE-1663651, N00014-23-1-2563 Office of Naval Research
We thank our shepherd, and the anonymous reviewers for their helpful suggestions. This work was supported by the National Science Foundation grants CNS-1942610, CNS-2127232, CNS-2346845, CNS-2419829, CICI-2232911 and DGE-1663651. Additionally, this work is sponsored by, and related to, Department of Navy award N00014-23-1-2563 issued by the Office of Naval Research. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of any funding agencies.
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science
- Web of Science ID
- WOS:001331944800004
- Scopus ID
- 2-s2.0-85206560675
- Other Identifier
- 991021906080004721
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Collaboration types
- Domestic collaboration
- Web of Science research areas
- Computer Science, Information Systems
- Computer Science, Software Engineering