Phishing on the web is a model of social engineering and an attack vector for getting access to sensitive and financial data of individuals and corporations. Phishing has been identified as one of the prime cyber threats in recent years. With the goal to effectively identifying and combating phishing as early as possible, we present in this paper a longitudinal analysis of phishing attacks from the vantage point of three country-code top-level domain (ccTLD) registries that manage more than 8 million active domains – namely the Netherlands’ .nl, Ireland’s .ie, and Belgium’s .be. We perform a longitudinal analysis on phishing attacks spanning up to 10 years, based on more than 28 thousand phishing domains. Our results show two major attack strategies: national companies and organizations are far more often impersonated using malicious registered domains under their country own ccTLD, which enables better mimicry of the impersonated company. In stark contrast, international companies are impersonated using whatever domains that can be compromised, reducing overall mimicry but bearing no registration and financial costs. We show that 80% of phishing attacks in the studied ccTLDs employ compromised domain names and that most research works focus on detecting new domain names instead. We find banks, financial institutions, and high-tech giant companies at the top of the most impersonated targets. We also show the impact of ccTLD’s registration and abuse handling policies on preventing and mitigating phishing attacks, and that mitigation is complex and performed at both web and DNS level at different intermediaries. Last, our results provide a unique opportunity for ccTLDs to compare and revisit their policies and impacts, with the goal of improving mitigation procedures. @en

Logos give a website a familiar feel and promote trust. Scammers take advantage of that by using well-known organizations’ logos on malicious websites. Unsuspecting Internet users see these logos and think they are looking at a government website or legitimate webshop, when it is a phishing site, a counterfeit webshop, or a site set up to spread misinformation. We present the largest logo detection study on websites to date. We analyze 6.2M domain names from the Netherlands ’ country-code top-level domain.nl, in two case studies to detect logo misuse for two organizations: the Dutch national government and Thuiswinkel Waarborg, an organization that issues certified webshop trust marks. We show how we can detect phishing, spear phishing, dormant phishing attacks, and brand misuse. To that end, we developed LogoMotive, an application that crawls domain names, generates screenshots, and detects logos using supervised machine learning. LogoMotive is operational in the.nl registry, and it is generalizable to detect any other logo in any DNS zone to help identify abuse.

@en

Luxury goods such as sneakers and bags are in high demand. Many websites offer them at high discounts, which, in many cases, are simply cheap counterfeit versions of the original product. Online shoppers, however, may be unaware they are buying a counterfeit product and end up being scammed and having to deal with financial losses, as has been widely reported by various news outlets. This work presents a multiyear effort of The Netherlands’.nl country-code top-level domain (ccTLD) in detecting and removing counterfeit online shops from the.nl DNS zone. We have developed two detection systems and partnered with registrars and a large credit card issuer, which ultimately led to more than 4,400 counterfeit online shops being taken down.

@en

Recent advances in wearable sensor technology and smartphones enable simple and affordable collection of personal analytics. This paper reflects on the lessons learned in the SWELL project that addressed the design of user-centered ICT applications for self-management of vitality in the domain of knowledge workers. These workers often have a sedentary lifestyle and are susceptible to mental health effects due to a high workload. We present the sense–reason–act framework that is the basis of the SWELL approach and we provide an overview of the individual studies carried out in SWELL. In this paper, we revisit our work on reasoning: interpreting raw heterogeneous sensor data, and acting: providing personalized feedback to support behavioural change. We conclude that simple affordable sensors can be used to classify user behaviour and heath status in a physically non-intrusive way. The interpreted data can be used to inform personalized feedback strategies. Further longitudinal studies can now be initiated to assess the effectiveness of m-Health interventions using the SWELL methods.

@en