IDEAS home Printed from https://ideas.repec.org/a/idt/journl/cs8102.html
   My bibliography  Save this article

The Impact of Public Information on Phishing Attack and Defense

Author

Listed:
  • Tyler MOORE

    (Harvard University)

  • Richard CLAYTON

    (University of Cambridge)

Abstract

Attackers compromise web servers in order to host fraudulent content, such as malware and phishing websites. While the techniques used to compromise websites are widely discussed and categorized, analysis of the methods used by attackers to identify targets has remained anecdotal. In this paper, we study the use of search engines to locate potentially vulnerable hosts. We present empirical evidence from the logs of websites used for phishing to demonstrate attackers' widespread use of search terms which seek out susceptible web servers. We establish that at least 18% of website compromises are triggered by these searches. Many websites are repeatedly compromised however the root cause of the vulnerability is not addressed. We find that 17% of phishing websites are recompromised within a year, and the rate of recompromise is much higher if they have been identified through web search. By contrast, other public sources of information about phishing websites actually lower recompromise rates. We find that phishing websites placed onto a public blacklist are recompromised less often than websites only known within closed communities. Consequently, we conclude that strategic disclosure of incident information can actually aid defenders if designed properly.

Suggested Citation

  • Tyler MOORE & Richard CLAYTON, 2011. "The Impact of Public Information on Phishing Attack and Defense," Communications & Strategies, IDATE, Com&Strat dept., vol. 1(81), pages 45-68, 1st quart.
  • Handle: RePEc:idt:journl:cs8102
    as

    Download full text from publisher

    File URL: http://repec.idate.org/RePEc/idt/journl/CS8102/CS81_MOORE_CLAYTON.pdf
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Tyler Moore & Richard Clayton & Ross Anderson, 2009. "The Economics of Online Crime," Journal of Economic Perspectives, American Economic Association, vol. 23(3), pages 3-20, Summer.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Gauguier, Jean-Jacques, 2009. "L’industrialisation de l’Open Source," Economics Thesis from University Paris Dauphine, Paris Dauphine University, number 123456789/4388 edited by Toledano, Joëlle, Enero.
    2. Seo-Young Cho, 2016. "A crime 2.0 - cybercrime, e-talent, and institutions," MAGKS Papers on Economics 201608, Philipps-Universität Marburg, Faculty of Business Administration and Economics, Department of Economics (Volkswirtschaftliche Abteilung).
    3. Sanjeev Goyal & Adrien Vigier, 2014. "Attack, Defence, and Contagion in Networks," Review of Economic Studies, Oxford University Press, vol. 81(4), pages 1518-1542.
    4. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    5. Kjell Hausken, 2018. "Proactivity and Retroactivity of Firms and Information Sharing of Hackers," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 20(01), pages 1-30, March.
    6. Dan Kovenock & Brian Roberson & Roman M. Sheremeta, 2019. "The attack and defense of weakest-link networks," Public Choice, Springer, vol. 179(3), pages 175-194, June.
    7. Cloos, Janis & Mohr, Svenja, 2022. "Acceptance of data sharing in smartphone apps from key industries of the digital transformation: A representative population survey for Germany," Technological Forecasting and Social Change, Elsevier, vol. 176(C).
    8. Lam, Wing Man Wynne, 2016. "Attack-prevention and damage-control investments in cybersecurity," Information Economics and Policy, Elsevier, vol. 37(C), pages 42-51.
    9. Schmidt, Andreas, 2012. "At the boundaries of peer production: The organization of Internet security production in the cases of Estonia 2007 and Conficker," Telecommunications Policy, Elsevier, vol. 36(6), pages 451-461.
    10. Battiston, Giacomo & Daniele, Gianmarco & Le moglie, Marco & Pinotti, Paolo, 2022. "Fueling Organized Crime: The Mexican War on Drugs and Oil Thefts," CEPR Discussion Papers 16914, C.E.P.R. Discussion Papers.
    11. Lam, Wing Man Wynne, 2014. "Ex Ante and Ex Post Investments in Cybersecurity," TSE Working Papers 14-519, Toulouse School of Economics (TSE).
    12. Milena Dinkova & Ramy El-Dardiry & Bastiaan Overvest, 2020. "Cyber incidents, security measures and financial returns: Empirical evidence from Dutch firms," CPB Discussion Paper 411.rdf, CPB Netherlands Bureau for Economic Policy Analysis.
    13. Reurink, Arjan, 2016. "Financial fraud: A literature review," MPIfG Discussion Paper 16/5, Max Planck Institute for the Study of Societies.
    14. Kjell Hausken, 2017. "Information Sharing Among Cyber Hackers in Successive Attacks," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 19(02), pages 1-33, June.
    15. Kox, Henk L.M., 2013. "Cybersecurity in the perspective of Internet traffic growth," MPRA Paper 47883, University Library of Munich, Germany.
    16. Rowland, Jill & Rice, Mason & Shenoi, Sujeet, 2014. "Whither cyberpower?," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(2), pages 124-137.
    17. Malecki, Edward J., 2017. "Real people, virtual places, and the spaces in between," Socio-Economic Planning Sciences, Elsevier, vol. 58(C), pages 3-12.
    18. Lam, W., 2015. "Attack-Deterring and Damage-Control Investments in Cybersecurity," LIDAM Discussion Papers CORE 2015023, Université catholique de Louvain, Center for Operations Research and Econometrics (CORE).
    19. Zheng, Shilin & Duan, Yuwei & Ward, Michael R., 2019. "The effect of broadband internet on divorce in China," Technological Forecasting and Social Change, Elsevier, vol. 139(C), pages 99-114.
    20. Huub Meijers, 2014. "Does the internet generate economic growth, international trade, or both?," International Economics and Economic Policy, Springer, vol. 11(1), pages 137-163, February.

    More about this item

    Keywords

    security economics; online crime; phishing; transparency;
    All these keywords.

    JEL classification:

    • K42 - Law and Economics - - Legal Procedure, the Legal System, and Illegal Behavior - - - Illegal Behavior and the Enforcement of Law
    • L86 - Industrial Organization - - Industry Studies: Services - - - Information and Internet Services; Computer Software

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:idt:journl:cs8102. See general information about how to correct material in RePEc.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: . General contact details of provider: https://edirc.repec.org/data/idatefr.html .

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: BLAVIER Thomas The email address of this maintainer does not seem to be valid anymore. Please ask BLAVIER Thomas to update the entry or send us the correct address (email available below). General contact details of provider: https://edirc.repec.org/data/idatefr.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service hosted by the Research Division of the Federal Reserve Bank of St. Louis . RePEc uses bibliographic data supplied by the respective publishers.