Technology for the Formation of an Integrated Anti-phishing System in a Digital Society

The problem of phishing in the Internet space is considered in this paper. The reasons for the urgency of the phishing problem, considered through the prism of an attacker, are also analyzed. Furthermore, the concept of a communication channel and its correlation with the phenomenon of phishing is defined by the example of mail attacks. The technology of the formation of an anti-phishing system is developed on the example of a model of interaction between an attacker and a user. The measures of protection against mail phishing are analyzed. PufferPhish software has been developed, which offers the integration of a security system into the process of delivering mail messages.

1. Alghenaim, M. F., Abu Bakar N.A., Abdul Rahim F. Anti-Phishing Tools: State of the Art and Detection Efficiencies. Applied Mathematics & Information Sciences, vol. 16, no. 6 (November. 2022), pp:929-934.

2. Arkhipova A. B. Multisociometrical readiness characteristics in information security management. Advanced in Information Security Management and Applications, proc. of the intern. workshop on advanced in information security management and applications (AISMA 2021), Stavropol–Krasnoyarsk, 1 October, 2021, pp. 25-34.

3. Ivan Blagojević. Phishing Statistics. available at: https://99firms.com/blog/phishingstatistics/.

4. Karagiannis S. An Analysis and Evaluation of Open Source Capture the Flag Platforms as Cybersecurity e-Learning Tools. IFIP World Conference on Information Security Education, 2020. 5. Krokhaleva A. B., Belov V. M. The human factor in the system of socially significant activity. Mathematical structures and modeling, 2017, no. 4(44), pp. 85-99.

5. Kucek, S., Leitner, M.: An Empirical survey of functions and configurations of open source capture the Flag (CTF) environments. Journal of Network and Computer Applications, 102470 (2019).

6. Sinha Raj, Hemant Kumar. A Study on Preventive Measures of Cyber Crime, Internationai Journal of Research in Social Sciences, vol. 8, iss. 11(1), November 2018, DOI: 10.13140/RG.2.2.14212.04480.

7. Snyman D.P., Kruger H.A. Information Security Behavioural Threshold Analysis in Practice: An Implementation Framework. Human Aspects of Information Security and Assurance. HAISA 2020. IFIP Advances in Information and Communication Technology, vol 593. Springer.

8. Somepalli S. H. Information Security Management. Journal of Business and Public Administration, vol. 11, iss. 2, 2020. pp. 1-16. DOI: 10.2478/hjbpa-2020-0015.

9. Sri Harsha Somepalli, Sai Kishore Reddy Tangella, Santosh Yalamanchili. Information Security Management. Journal of Business and Public Administration, vol. 11, iss. 2, pp.1-16, 2020. DOI: 10.2478/hjbpa-2020-0015.

10. Zolotarev V. V., Arkhipova A. B., Parotkin N. Y., Lvova A. P. Strategies of social engineering attacks on information resources of gamified online education projects. International Scientific Conference on Innovative Approaches to the Application of Digital Technologies in Education (SLET–2020), Stavropol, 12-13 Novemder, 2020, pp. 386-391.

11. Arhipova A. B. K voprosu postroeniya modeli fishingovoj ataki na baze teorii nekooperativnyh igr [On the issue of constructing a phishing attack model based on the theory of non-cooperative games]. Perspektiva- 2021, Materialy IX Vserossijskoj molodezhnoj shkoly-seminara po problemam informacionnoj bezopas-nosti, Krasnoyarsk, 30 September – 03 October, 2021, pp. 6-12.

12. BDU – Ugrozy [DBU – Threats]. Federal'naya sluzhba po tekhnicheskomu i eksportnomu kontrolyu, available at: https://bdu.fstec.ru/threat/ubi.175 (accessed 01.10.2022).

13. Grachev A. V. Istoriya vozniknoveniya kiberprestuplenij [The history of cybercrime]. Informacionnaya bezopasnost' i voprosy profilaktiki kiberekstremizma sredi molodezhi, Materialy vnutrivuzovskoj konferencii, Magnitogorsk, Magnitogorskij gosudarstvennyj tekhnicheskij universitet, 09-12 October, 2015, pp. 162-175.

14. Komarov A. A. Kriminologicheskie aspekty moshennichestva v global'noj seti Internet: special'nost' 12.00.08 "Ugolovnoe pravo i kriminologiya; ugolovno-ispolnitel'noe pravo" [Criminological aspects of fraud in the global Internet: specialty 12.00.08 "Criminal law and criminology; penal enforcement law"]. Abstract of Ph. D. thesis. Saratov, 2011. 262 p.

15. Maskirovka virusov [Virus masking], available at: https://ilyarm.ru/txt-maskirovkavirusov-exe-to-txt-zamaskirovat-exe-pod-jpg.html (accessed 03.10.2022)

16. Men'shakov S. Razminiruem pochtu. Prostoe rukovodstvo po vyyavleniyu fishinga. [We clear the mail. A simple guide to detecting phishing], available at: https://xakep.ru/2021/06/16/mailphishing/ (accessed 04.10.2022).

17. Plotnikova T. V., Harin V. V. Kiberprestupnost' - ugroza XXI veka [Cybercrime - the threat of the XXI century]. Vestnik obshchestvennoj nauchno-issledovatel'skoj laboratorii «Vzaimodejstvie ugo-lovnoispolnitel'noj sistemy s institutami grazhdanskogo obshchestva: istoriko-pravovye i teoretikometodologicheskie aspekty», 2018, no. 12, pp. 153-161.

18. Samye opasnye vlozhennye fajly [The most dangerous attachments], available at: http://security.mosmetod.ru/moshennichestvo-v-seti/152-opasnye-vlozhennyefajly (accessed 07.10.2022).

19. Fomina, N. A. Ispol'zovanie metodov social'noj inzhenerii pri moshennichestve v so-cial'nyh setyah [The use of social engineering methods in fraud in social networks]. Informacionnaya bezopasnost' i voprosy profilak-tiki kiberekstremizma sredi molodezhi, Materialy vnutrivuzovskoj konferencii, Magnitogorsk, Magnitogorskij gosudarstvennyj tekhnicheskij universitet, 09-12 October, 2015, pp. 443-453.