Gefilte Phish: Stopping PII Phishing Campaigns with Believable Decoy
Team Information
Team Members
Dennis Roellke, PhD Candidate, Department of Computer Science, Columbia Engineering
George Litvinov, Undergraduate Student in Computer Science, Columbia Engineering
Mark Seiden, Associate - Contributing Author
Shlomo Hershkop, Security Researcher - Contributing Author
Faculty Advisor: Salvatore Stolfo, Professor of Computer Science, Columbia Engineering
Abstract
Human user behavior analytics is insufficient to prevent Account Takeover (ATO) attacks enabled by phishing (via email, text and voice). We propose to focus on human adversary behavior analytics by developing rigorous, systematic and scalable methods to acquire data about attackers and thwart the PII theft ecosystem. We believe this can be accomplished by using deceptive methods against attackers. We propose to automate (a) the generation of synthetic, highly believable decoy PII and user profile data and (b) the injection of this fake data into phishing websites to disrupt the adversary identity theft marketplace. Misuse of decoy PII is monitored by third-party collaborators to acquire detailed data for profiling adversaries. Attacker profiles and injected decoy PII will improve risk-based access controls, reducing ATO attacks. A key objective is the design of systems that scale automated decoy injection to impact the worldwide PII theft ecosystem.
Team Contact: Dennis Roellke