Educause Security Discussion mailing list archives

Re: Detecting phishing messages


From: Joseph Tam <tam () MATH UBC CA>
Date: Fri, 5 Jan 2018 23:17:06 -0800

On Fri, 5 Jan 2018, Erik D Evans wrote:

One thing we are considering is setting up a dictionary containing
common words we see in phishing messages such as the one I have
included below.  We regularly see words such as kindly, verify,
validate, important, urgent, account, etc...  What we would like to do
with this is if we see a message that has more than one of these words,
AND a link to an external web site - prepend a warning to the message
and make the URL unclickable.  However, we have some concern about how
many false positives we will get with this approach.

This sounds like an ad-hoc approach to Bayesian analysis.  If you already
have a corpus of this type of phishing (and a corpus of legitimate mail
including real notices sent by your IT staff), you can teach the
Bayesian system to classify mail based on these corpuses.

The benefits:

        - categorizes based on both positive *and* negative correlation of
        tokens.

        - you can retrain on error without having to scrap keywords

Joseph Tam <tam () math ubc ca>
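As an added illustration (not code from the thread or from any product named in it), the following is a minimal naive Bayes mail filter over token presence. It trains on two small corpora constructed for the example (the domain `example.invalid` is a placeholder), then shows the two benefits claimed above: every token gets a positive or negative weight, so words typical of legitimate IT notices pull the score down instead of being ignored the way a keyword list would, and a false positive is corrected by retraining on the misclassified message rather than by editing keywords. All message texts, corpora and names here are constructed assumptions.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z]+")


def tokenize(text):
    """Lower-case the message and return the set of alphabetic tokens in it."""
    return set(TOKEN_RE.findall(text.lower()))


class NaiveBayesMailFilter:
    """Naive Bayes over token presence with Laplace smoothing.

    Each token gets a log-likelihood ratio log(P(tok|phish) / P(tok|ham)).
    A positive weight is evidence for phishing, a negative weight is evidence
    for legitimate mail; the message score is the prior log-odds plus the sum
    of the weights of the known tokens it contains.
    """

    def __init__(self, alpha=1.0):
        self.alpha = alpha                      # Laplace pseudo-count
        self.docs = Counter()                   # documents trained per label
        self.tokens = {"phish": Counter(), "ham": Counter()}  # docs containing token

    def train(self, text, label):
        """Add one labelled message; used both for initial training and retraining."""
        self.docs[label] += 1
        self.tokens[label].update(tokenize(text))

    def _p_token(self, tok, label):
        # P(token present | label), smoothed so an unseen token never yields log(0)
        return (self.tokens[label][tok] + self.alpha) / (self.docs[label] + 2 * self.alpha)

    def token_weight(self, tok):
        return math.log(self._p_token(tok, "phish")) - math.log(self._p_token(tok, "ham"))

    def score(self, text):
        total = self.docs["phish"] + self.docs["ham"]
        log_odds = math.log(self.docs["phish"] / total) - math.log(self.docs["ham"] / total)
        known = self.tokens["phish"].keys() | self.tokens["ham"].keys()
        for tok in tokenize(text):
            if tok in known:                    # never-seen tokens carry no evidence
                log_odds += self.token_weight(tok)
        return log_odds

    def classify(self, text, threshold=0.0):
        return "phish" if self.score(text) > threshold else "ham"


# Constructed training corpora (assumed examples, not real mail).
PHISH_CORPUS = [
    "Kindly verify your account urgently or it will be suspended. Click the link to validate: http://example.invalid/login",
    "Important: validate your mailbox now, your account has exceeded its quota. Visit http://example.invalid/verify",
    "Urgent action required: your password expires today. Login to verify at http://example.invalid/webmail",
    "Dear user, kindly confirm your account details immediately to avoid deactivation",
]
HAM_CORPUS = [
    "Reminder: the library closes early on Friday for the holiday weekend",
    "IT notice: scheduled maintenance on the mail servers Saturday 2am to 4am. No action is required.",
    "Please verify that your office phone extension is correct in the campus directory by Monday",
    "Agenda for the department meeting is attached, lunch will be provided",
    "The help desk will be closed during the staff meeting this afternoon",
]

# Constructed test messages.
SAMPLE_PHISH = "Kindly verify your account immediately at http://example.invalid/secure"
SAMPLE_HAM = "The department meeting has moved to Tuesday, lunch will still be provided"
# A legitimate IT notice that shares several 'phishy' words; initially misclassified.
FALSE_POSITIVE = "IT notice: please verify your account password meets the new policy by Friday. No link required."


def build_filter():
    """Train a fresh filter on the constructed corpora."""
    f = NaiveBayesMailFilter()
    for text in PHISH_CORPUS:
        f.train(text, "phish")
    for text in HAM_CORPUS:
        f.train(text, "ham")
    return f


if __name__ == "__main__":
    f = build_filter()
    for tok in ("account", "kindly", "verify", "meeting", "maintenance"):
        print(f"{tok:12s} weight={f.token_weight(tok):+.2f}")
    print("sample phish ->", f.classify(SAMPLE_PHISH))
    print("sample ham   ->", f.classify(SAMPLE_HAM))
    print("IT notice    ->", f.classify(FALSE_POSITIVE), "(false positive)")
    f.train(FALSE_POSITIVE, "ham")               # retrain on the error, no keyword edits
    print("IT notice    ->", f.classify(FALSE_POSITIVE), "(after retraining)")
```

The weights make the negative-correlation point concrete: "account" and "kindly" come out strongly positive, while "meeting" and "maintenance" are negative, so a notice full of ordinary campus-IT vocabulary can carry several flagged words and still score as legitimate. Once the misclassified notice is trained as ham, "verify" and "your" lose most of their weight and the message flips to ham without touching any list.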
