HomeNewsAward for paper presented at the APWG Symposium on eCrime

Award for paper presented at the APWG Symposium on eCrime

Ass. Prof. Giovanni Apruzzese von der Professur Data & Application Security präsentierte am "APWG Symposium on Electronic Crime research (eCrime)" in Barcelona das Paper "Do users fall for real adversarial phishing? Investigating the human response to evasive webpages", das von ihm gemeinsam mit Ajka Draganovic, Javier Aldana Iuit (Avast Software), Savono Dambra und Kevin Roundy (beide Norton Research Group) verfasst wurde.

Phishing websites are ubiquitous, and countermeasures based on static blocklists have little to offer against such a threat. The latest machine learning (ML) methods are therefore being used to detect phishing websites. These techniques have achieved promising results when used in phishing detection systems (PDS). However, ML methods are not perfect and some sample versions of phishing websites can even outsmart production-ready PDSs.

In their paper, the researchers investigated whether real phishing websites that evade commercial ML-based PDSs are a real problem or just a nuisance. They found that some well-designed phishing websites can fool most participants - even IT experts - while others are easily recognized by most users. The study is relevant for practitioners as it allows to prioritize phishing websites that fool machines and humans at the same time and also supports the contribution of world-renowned cybersecurity companies (Avast and Norton).

The paper is based on the thesis of Ajka Draganovic, a student of the Master's program in Information Systems at the University of Liechtenstein, and was awarded second place in the "Best Paper" competition by the eCrime'23 committee. The symposium was attended by over 100 people from academia and industry.

Further information about the lecture and the event can be found at: https://apwg.org/event/ecrime2023/