Gefilte Phish: Stopping PII Phishing Campaigns with Believable Decoy

Team Information

Team Members

  • Dennis Roellke, PhD Candidate, Department of Computer Science, Columbia Engineering

  • George Litvinov, Undergraduate Student in Computer Science, Columbia Engineering

  • Mark Seiden, Associate - Contributing Author

  • Shlomo Hershkop, Security Researcher - Contributing Author

  • Faculty Advisor: Salvatore Stolfo, Professor of Computer Science, Columbia Engineering

Abstract

Human user behavior analytics is insufficient to prevent Account Takeover (ATO) attacks enabled by phishing attacks (via email, text and voice). We propose to focus on human adversary behavior analytics by developing rigorous, systematic and scalable methods to acquire data about attackers and thwart the PII theft ecosystem. We believe this can be accomplished by using deceptive methods against attackers. We propose to automate (a) the generation of synthetic, highly believable decoy PII and user profile data and (b) the injection of this fake data into phishing websites to disrupt the adversary identity theft marketplace. Misuse of decoy PII is monitored by third-party collaborators to acquire detailed data to profile adversaries. Attacker profiles and injected decoy PII will improve risk-based access controls, reducing ATO attacks. A key objective is the design of systems to scale the automated decoy injection to impact the worldwide PII theft ecosystem.

Contact this Team

Team Contact: Dennis Roellke
