Adam Doupé

Since the dawn of the web miscreants have used this new communication medium to defraud unsuspecting users. The most common of these attacks is phishing: creating a fake login form to steal username/passwords for high-value targets such as email, social networking, or financial services. This seemingly low-skill attack still, to this day, is responsible for vast amounts of fraud and harm.

In this talk, I will cover the history of the cat-and-mouse game of phishing, touching on why, after more than a decade of research, phishing attacks are still the most common ways that end-users are directly victimized and attacked. We will discuss the advanced nature of server-side cloaking employed by phishers, as well as the PhishFarm framework which allows us to empirically measure the effect of cloaking techniques on browser-based blocking. Then, we will discuss the first end-to-end measurement of a phishing timeline: from a phishing website being deployed to credentials being used fraudulently. Finally, we'll discuss how phishers have adapted to the COVID-19 pandemic and the next generation of sophisticated phishing attacks.

View More Papers

Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile...

Zhuoran Liu (Radboud university), Niels Samwel (Radboud University), Léo Weissbart (Radboud University), Zhengyu Zhao (Radboud University), Dirk Lauret (Radboud University),...

Read More

Mondrian: Comprehensive Inter-domain Network Zoning Architecture

Jonghoon Kwon (ETH Zürich), Claude Hähni (ETH Zürich), Patrick Bamert (Zürcher Kantonalbank), Adrian Perrig (ETH Zürich)

Read More

Panel – Experiment Artifact Sharing: Challenges and Solutions

Moderator: Laura Tinnel (SRI International) Panelists: Clémentine Maurice (CNRS, IRIS); Martin Rosso (Eindhoven University of Technology); Eric Eide (U. Utah)

Read More

(Short) Object Removal Attacks on LiDAR-based 3D Object Detectors

Zhongyuan Hau, Kenneth Co, Soteris Demetriou, and Emil Lupu (Imperial College London) Best Short Paper Award Runner-up!

Read More