IDEAS home Printed from https://ideas.repec.org/a/idt/journl/cs8102.html
   My bibliography  Save this article

The Impact of Public Information on Phishing Attack and Defense

Author

Listed:
  • Tyler MOORE

    (Harvard University)

  • Richard CLAYTON

    (University of Cambridge)

Abstract

Attackers compromise web servers in order to host fraudulent content, such as malware and phishing websites. While the techniques used to compromise websites are widely discussed and categorized, analysis of the methods used by attackers to identify targets has remained anecdotal. In this paper, we study the use of search engines to locate potentially vulnerable hosts. We present empirical evidence from the logs of websites used for phishing to demonstrate attackers' widespread use of search terms which seek out susceptible web servers. We establish that at least 18% of website compromises are triggered by these searches. Many websites are repeatedly compromised however the root cause of the vulnerability is not addressed. We find that 17% of phishing websites are recompromised within a year, and the rate of recompromise is much higher if they have been identified through web search. By contrast, other public sources of information about phishing websites actually lower recompromise rates. We find that phishing websites placed onto a public blacklist are recompromised less often than websites only known within closed communities. Consequently, we conclude that strategic disclosure of incident information can actually aid defenders if designed properly.

Suggested Citation

  • Tyler MOORE & Richard CLAYTON, 2011. "The Impact of Public Information on Phishing Attack and Defense," Communications & Strategies, IDATE, Com&Strat dept., vol. 1(81), pages 45-68, 1st quart.
    • Handle: RePEc:idt:journl:cs8102
    as

    Download full text from publisher

    File URL: http://repec.idate.org/RePEc/idt/journl/CS8102/CS81_MOORE_CLAYTON.pdf
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Moore, Tyler, 2010. "The economics of cybersecurity: Principles and policy options," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(3), pages 103-117.
    2. Tyler Moore & Richard Clayton & Ross Anderson, 2009. "The Economics of Online Crime," Journal of Economic Perspectives, American Economic Association, vol. 23(3), pages 3-20, Summer.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Gauguier, Jean-Jacques, 2009. "L’industrialisation de l’Open Source," Economics Thesis from University Paris Dauphine, Paris Dauphine University, number 123456789/4388 edited by Toledano, Joëlle.
    2. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    3. Seo-Young Cho, 2016. "A crime 2.0 - cybercrime, e-talent, and institutions," MAGKS Papers on Economics 201608, Philipps-Universität Marburg, Faculty of Business Administration and Economics, Department of Economics (Volkswirtschaftliche Abteilung).
    4. Sanjeev Goyal & Adrien Vigier, 2014. "Attack, Defence, and Contagion in Networks," Review of Economic Studies, Oxford University Press, vol. 81(4), pages 1518-1542.
    5. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    6. Kjell Hausken, 2018. "Proactivity and Retroactivity of Firms and Information Sharing of Hackers," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 20(01), pages 1-30, March.
    7. Dan Kovenock & Brian Roberson & Roman M. Sheremeta, 2019. "The attack and defense of weakest-link networks," Public Choice, Springer, vol. 179(3), pages 175-194, June.
    8. Cloos, Janis & Mohr, Svenja, 2022. "Acceptance of data sharing in smartphone apps from key industries of the digital transformation: A representative population survey for Germany," Technological Forecasting and Social Change, Elsevier, vol. 176(C).
    9. Lam, Wing Man Wynne, 2016. "Attack-prevention and damage-control investments in cybersecurity," Information Economics and Policy, Elsevier, vol. 37(C), pages 42-51.
    10. Alexander A. Ganin & Phuoc Quach & Mahesh Panwar & Zachary A. Collier & Jeffrey M. Keisler & Dayton Marchese & Igor Linkov, 2020. "Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management," Risk Analysis, John Wiley & Sons, vol. 40(1), pages 183-199, January.
    11. Schmidt, Andreas, 2012. "At the boundaries of peer production: The organization of Internet security production in the cases of Estonia 2007 and Conficker," Telecommunications Policy, Elsevier, vol. 36(6), pages 451-461.
    12. Rajan, Rishabh & Rana, Nripendra P. & Parameswar, Nakul & Dhir, Sanjay & Sushil, & Dwivedi, Yogesh K., 2021. "Developing a modified total interpretive structural model (M-TISM) for organizational strategic cybersecurity management," Technological Forecasting and Social Change, Elsevier, vol. 170(C).
    13. Andjelka Kelic & Zachary A. Collier & Christopher Brown & Walter E. Beyeler & Alexander V. Outkin & Vanessa N. Vargas & Mark A. Ehlen & Christopher Judson & Ali Zaidi & Billy Leung & Igor Linkov, 2013. "Decision framework for evaluating the macroeconomic risks and policy impacts of cyber attacks," Environment Systems and Decisions, Springer, vol. 33(4), pages 544-560, December.
    14. Giacomo Battiston & Gianmarco Daniele & Marco Le Moglie & Paolo Pinotti, 2022. "Fueling Organized Crime: The Mexican War on Drugs and Oil Thefts," "Marco Fanno" Working Papers 0286, Dipartimento di Scienze Economiche "Marco Fanno".
    15. Lam, Wing Man Wynne, 2014. "Ex Ante and Ex Post Investments in Cybersecurity," TSE Working Papers 14-519, Toulouse School of Economics (TSE).
    16. Ahnert, Toni & Brolley, Michael & Cimon, David & Riordan, Ryan, 2022. "Cyber Risk and Security Investment," CEPR Discussion Papers 17403, C.E.P.R. Discussion Papers.
    17. Galbraith, John W. & Iuliani, Luca, 2019. "Measures of robustness for networked critical infrastructure: An empirical comparison on four electrical grids," International Journal of Critical Infrastructure Protection, Elsevier, vol. 27(C).
    18. Milena Dinkova & Ramy El-Dardiry & Bastiaan Overvest, 2020. "Cyber incidents, security measures and financial returns: Empirical evidence from Dutch firms," CPB Discussion Paper 411.rdf, CPB Netherlands Bureau for Economic Policy Analysis.
    19. Mezei, Péter & Verteș-Olteanu, Andreea, 2020. "Editorial: From trust in the system to trust in the content," Internet Policy Review: Journal on Internet Regulation, Alexander von Humboldt Institute for Internet and Society (HIIG), Berlin, vol. 9(4), pages 1-28.
    20. Reurink, Arjan, 2016. "Financial fraud: A literature review," MPIfG Discussion Paper 16/5, Max Planck Institute for the Study of Societies.

    More about this item

    Keywords

    security economics; online crime; phishing; transparency;
    All these keywords.

    JEL classification:

    • K42 - Law and Economics - - Legal Procedure, the Legal System, and Illegal Behavior - - - Illegal Behavior and the Enforcement of Law
    • L86 - Industrial Organization - - Industry Studies: Services - - - Information and Internet Services; Computer Software

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:idt:journl:cs8102. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: BLAVIER Thomas (email available below). General contact details of provider: https://edirc.repec.org/data/idatefr.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.