Doctoral Dissertations

Date of Award

8-2025

Degree Type

Dissertation

Degree Name

Doctor of Philosophy

Major

Computer Science

Major Professor

Doowon Kim

Committee Members

Doowon Kim, Jian Liu, Jinyuan Sun, Yonghwi Kwon

Abstract

Phishing attacks continue to grow in prevalence and sophistication, creating fake websites that mimic legitimate services to steal credentials from victims. This “cat-and-mouse game” sees attackers continuously evolving with new evasion techniques, making quick detection the key challenge. This defense presents a comprehensive analysis of the phishing attack lifecycle across five domains: website creation, domain registration, regional attack variations, defensive mechanisms, and post-detection behaviors. Our research spans multiple years and millions of phishing URLs. Our findings reveal that phishing websites typically use outdated resources and lack security protections. Most phishing domains are maliciously registered rather than compromised, with attackers preferring cheaper TLDs and targeting specific brands. Global detection mechanisms often miss regionally targeted campaigns, particularly those in non-English contexts. Defensive measures show significant gaps, with widely used blocklists exhibiting substantial detection delays compared to specialized services. Website security practices remain inadequate, with virtually no sites following all recommended security guidelines. After detection, phishing websites typically remain operational for approximately two days, with those employing frequent visual changes persisting longer. This research contributes actionable insights for improving phishing defenses through earlier detection, vulnerability exploitation, and enhanced security practices.
