Authors: Urva Maryam

Abstract:

Private data are more often breached by clever social engineering rather than exploiting technical vulnerabilities in the systems. Complete information security requires good data safety practices to go along with technical solutions. Hackers often begin their operation by simply sending spoofed emails or fraudulent URLs to their targets and trick them into providing sensitive information such as passwords or bank account details. This technique is called phishing. Phishing attacks can be launched on email addresses, open ports and unsecured web browsers. This study uses quantitative method of research to execute phishing experiments on the participants to test their response to the phishing emails. These experiments were run on Kali Linux distribution which came bundled with multiple open-source intelligence (OSINT) tools that were used in the study. The aim of this research is to see how successful phishing attacks can be launched using OSINT and to test the response of people to spoofed emails.

Keywords: OSINT, phishing, spear phishing, email spoofing, theHarvester, Maltego.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 125

References:

[1] Maria-Hendrike Peetz, Edgar Meij, Maarten de Rijke, and Wouter Weerkamp. 2012. “Adaptive temporal query modeling”. In Proceedings of the 34th European conference on Advances in Information Retrieval (ECIR'12). Springer-Verlag, Berlin, Heidelberg, 455–458. https://doi.org/10.1007/978-3-642-28997-2_40
[2] A. Spink, B. J. Jansen, and J. Pedersen. “Searching for people on web search engines”. Journal of Documentation, 60(3):266–278, 2004. doi: 10.1108/00220410410534176
[3] Guha, R. "Disambiguating people in search." In The Thirteenth International World Wide Web Conference, WWW2004. 2004.
[4] R. A. Norton, “Guide to Open Source Intelligence”. Intell. J. US Intell. Stud. 2011, 18, 65–67.
[5] NATO. “Open Source Intelligence Handbook”; North Atlantic Treaty Organization: Brussels, Belgium, 2001.
[6] Korkisch, F. NATO “Gets Better Intelligence; Center for Foreign and Defense Policy”: Vienna, Austria, 2010.
[7] U.S. Government Publishing Office, “Responsibilities of Secretary of Defense pertaining to National Intelligence Program”, 2006,
[8] Pastor-Galindo, J.; Nespoli, P.; Gomez Marmol, F.; Martinez Perez, G. “The not yet exploited goldmine of OSINT: Opportunities, open challenges and future trends”. IEEE Access 2020, 8, 10282–10304.
[9] Alabdan, R. “Phishing Attacks Survey: Types, Vectors, and Technical Approaches”. Future Internet 2020, 12, 168. https://doi.org/10.3390/fi12100168
[10] Symantec. “ISTR Internet Security Threat Report 2019”. Symantec 2019, 24, 61.
[11] Symantec. “ISTR Internet Security Threat Report 2015”. Symantec 2015, 20.
[12] Symantec. “ISTR Internet Security Threat Report 2018” Volume 23. 2018.
[13] J. F. Herrera-Cubides, P. A. Gaona-García, and S. Sánchez-Alonso, “Open-Source Intelligence Educational Resources: A Visual Perspective Analysis,” Applied Sciences, vol. 10, no. 21, p. 7617, Oct. 2020, doi: 10.3390/app10217617
[14] P. Finn and M. Jakobsson, "Designing ethical phishing experiments," in IEEE Technology and Society Magazine, vol. 26, no. 1, pp. 46-58, Spring 2007, doi: 10.1109/MTAS.2007.335565.
[15] Baillon A, de Bruin J, Emirmahmutoglu A, van de Veer E, van Dijk B. “Informing, simulating experience, or both: A field experiment on phishing risks”. PLoS One. 2019;14(12):e0224216. Published 2019 Dec 18. doi:10.1371/journal.pone.0224216