Research in the International Journal of Electronic Security and Digital Forensics offers a new approach to combating phishing attacks in order to enhance online security and reduce cybercrime against individuals and businesses and attacks on governments so improving national security.
Phishing is a deceptive technique in which a web page, email or message is used to impersonate a trusted entity and to deceive individuals into clicking malicious links, revealing sensitive information such as usernames and passwords, bank details, and other such details. It has caused significant harm to countless victims, resulting in compromised data, identity theft, and even national security breaches.
Those propagating phishing attacks can use very sophisticated methods to make a message or page look authentic and even highly skilled and security-aware users are sometimes duped into accessing a malicious resource. Such resources might steal information directly as the user enters it or lead to them unwittingly downloading malware or another payload that then compromises their computer system, whether a personal computer or a network. Computer security systems are constantly challenged by the development of more sophisticated phishing attacks which may also exploit social engineering in subtle ways as well as malware to dupe users.
T. Kalaichelvi of the Panimalar Engineering College in Chennai, India, and colleagues have proposed a new threat-modelling technique that can pinpoint and eliminate vulnerabilities that make a computer system more susceptible to a phishing attack. The team’s approach uses the STRIDE threat design methodology, a potent tool that demonstrates an impressive 96.3% accuracy rate in detecting phishing web addresses. The work offers a real solution for individuals and organizations alike to defeat the phishing threat.
The implications of the research extend beyond individual victims and encompass businesses and the world of the Internet of Things. For cybersecurity experts, developers, and IoT device manufacturers, the proposed threat modelling technique could help in securing vulnerabilities proactively at the design stage rather than reactively when vulnerabilities have been identified and exploited. Fundamentally, a multi-faceted anti-phishing approach is needed that takes into account both the technological vulnerabilities and the human factor.
Kalaichelvi, T., Mane, S.B., Dhanalakshmi, K.M. and Prasad, S.N. (2023) ‘The detection of phishing attempts in communications systems’, Int. J. Electronic Security and Digital Forensics, Vol. 15, No. 5, pp.541–553.