Mitigation and Detection of Spear Phishing Attacks

Abstract

Phishing has been a threat from a decade now, and still is one of the most sought out ways for the attackers to gain initial access on the target in an attack, according to MITRE ATTCK®. More so, previous phishing taxonomies have their focus on existing phishing techniques ignoring the more recent and emerging threat landscape of advanced phishing techniques. Over the years, phishers are becoming technically advanced in their process of designing targeted phishing emails for a particular individual, group and organization such targeted phishing attacks are known as spear phishing. This provokes the need for comprehensive and systematic research of advanced phishing techniques. In this thesis, modern phish ing approaches are briefly discussed in terms of their technicality. This thesis will serve the purpose for creating awareness of technically advanced phishing techniques and will assist too in the development of advanced anti-phishing solutions. Furthermore, advanced Spear Phishing Links, that masquerades their corresponding legitimate Links in terms of their web content and apparently the link is designed to trap technically aware people, are taken as a problem statement and their analysis/detection technique is presented in this thesis.