Users are inveigled into visiting a malicious website in a phishing or malware-distribution scam through the use of a 'lure' - a superficially valid reason for their interest. We examine real-world data from some 'worms' that spread over the social graph of Instant Messenger users. We find that over 14 million distinct users clicked on these lures over a two-year period from Spring 2010. Furthermore, we present evidence that 95% of users who clicked on the lures became infected with malware. In one four-week period spanning May-June 2010, near the worm's peak, we estimate that at least 1.67 million users were infected. We measure the extent to which small variations in lure URLs and the short pieces of text that accompany these URLs affect the likelihood of users clicking on the malicious URL. We show that hostnames containing recognizable brand names were more effective than the terse random strings employed by URL shortening systems, and that brief Portuguese phrases were more effective in luring in Brazilians than more generic 'language independent' text.