ATTENTION: The works hosted here are being migrated to a new repository that will consolidate resources, improve discoverability, and better show UTA's research impact on the global community. We will update authors as the migration progresses. Please see MavMatrix for more information.
Show simple item record
dc.contributor.author | Saha Roy, Sayak | |
dc.contributor.author | Unique, Karanjit | |
dc.contributor.author | Nilizadeh, Shirin | |
dc.date.accessioned | 2023-11-14T19:11:33Z | |
dc.date.available | 2023-11-14T19:11:33Z | |
dc.date.issued | 2023-10 | |
dc.identifier.uri | http://hdl.handle.net/10106/31886 | |
dc.description.abstract | Free Website Building services (FWBs) provide individuals with
a cost-effective and convenient way to create a website without
requiring advanced technical knowledge or coding skills. However, malicious actors often abuse these services to host phishing
websites. In this work, we propose FreePhish, a scalable framework to continuously identify phishing websites that are created
using FWBs. Using FreePhish, we were able to detect and characterize more than 31.4K phishing URLs that were created using
17 unique free website builder services and shared on Twitter and
Facebook over a period of six months. We find that FWBs provide
attackers with several features that make it easier to create and
maintain phishing websites at scale while simultaneously evading anti-phishing countermeasures. Our study indicates that antiphishing blocklists and browser protection tools have significantly
lower coverage and high detection time against FWB phishing attacks when compared to regular (self-hosted) phishing websites.
While our prompt disclosure of these attacks helped some FWBs to
remove these attacks, we found several others who were slow at
removal or did not remove them outright, with the same also being
true for Twitter and Facebook. Finally, we also provide FreePhish
as a free Chromium web extension that can be utilized to prevent
end-users from accessing potential FWB-based phishing attacks | en_US |
dc.language.iso | en_US | en_US |
dc.publisher | ACM | en_US |
dc.subject | Phishing, Cybersecurity, Social media, Abuse, Evasion, Website Builder, Online Safety, Blocklist, Measurements, Framework | en_US |
dc.title | Phishing in the Free Waters: A Study of Phishing Attacks Created using Free Website Building Services | en_US |
dc.type | Article | en_US |
dc.rights.license | Licensed under Creative Commons: CC BY 4.0 | |
Files in this item
- Name:
- 3618257.3624812.pdf
- Size:
- 4.498Mb
- Format:
- PDF
- Description:
- PDF
This item appears in the following Collection(s)
Show simple item record