In 2023, more than 298,000 people in the U.S. reported phishing scams, according to the FBI's Internet Crime Report. With cybercriminals finding more ways to outsmart email protections, it is increasingly easy to fall victim to phishing attacks that steal sensitive information, such as usernames, passwords and bank account numbers.
Jean Camp. Photo courtesy of the Luddy School of Informatics, Computing and Engineering Typically, cyber-attackers send authentic-looking website links to people in hopes that they click on what they perceive as a familiar link and divulge their information. But Indiana University professor Jean Camp has created a method to more easily identify misleading URLs.
Camp, who was named a fellow of the American Association for the Advancement of Science in 2017, is a professor of informatics in the Indiana University Luddy School of Informatics, Computing and Engineering and director of the Security and Privacy in Informatics, Computing and Engineering center at IU Bloomington. Her research focuses on the intersection of human and technical trust, leveraging economic models and human-centered design to create safe, secure systems.
Using customized machine learning and AI, Camp and her team can identify suspicious domain names by comparing the full domain name as seen by the user with a set of trusted domains. If the user attempts to interact with the faulty domain, a customizable warning and targeted blocking will prevent entry of information associated with the trusted domain.
Traditional approaches of identifying domains only use text matching; however, the use of symbols or numbers that appear like letters can confuse machine learning techniques and mislead users.
"It's not reasonable to expect people to know everything about computer security, especially when it is difficult to identify websites that are maliciously designed to look like a familiar trusted site the user has visited before," said Camp, who was recently recognized by Director Jen Easterly at Blackhat, an internationally known cybersecurity event series, as a top three academic in the space of security by demand. "With this technology, which will be integrated as an extension, we use text and image matching to help identify and classify deceitful domains."
The extension compares an image of the URL to the bitmap of the images of the domain that the system is protecting. By making this comparison, the risk of falling victim to phishing cyberattacks lowers drastically.
"Our goal is to help individuals engage in online activity safely and make computer security easier for users to understand to help decrease the incidence of phishing attacks and other cybersecurity attacks."
Camp has previously been awarded a patent for her technology that helps prevent router attacks. The technology identifies router updates that appear suspicious and either flags or rejects the updates to prevent attacks.
On her latest technology targeting misleading URLs, Camp has partnered with the IU Innovation and Commercialization Office, which works closely with faculty to move innovation into the marketplace, to file a patent to protect her work. She is seeking collaboration opportunities with industry partners in hopes of commercializing this technology.
