AT&T Releases Top Phishing Keywords

June 17, 2015 at 4:33 pm

Lebron James and Kobe Bryant might be your favorite players in the NBA, but their names in a URL may also suggest the possibility of malicious security breaches in many top-level domains, according to a recent AT&T study.

The research, produced by the AT&T Security Research Center and AT&T Labs Research, showed that certain words appearing in URLs were more likely than others to signal bad intentions. The report, "Breaking Bad: Detecting malicious domains using word segmentation," highlights how to detect a malicious domain from the linguistic makeup of the domain name.

“Experiments on a sample of real-world data from a large cellular network show that using word segmentation improves our ability to detect malicious domains relative to approaches without segmentation, as measured by misclassification rates and areas under the ROC curve,” reported Wei Wang and Kenneth E. Shirley of AT&T. “Furthermore, the results are interpretable, allowing one to discover (with little supervision or tuning required) which words are used most often to attract users to malicious domains.”

The research was done in light of the increase in attacks on mobile devices, particularly smartphones. According to the report, the attacks come from poorly managed hosting sites or newly registered domains, which are used as command-and-control (aka C&C) servers or to host malware binaries [3]–[5].

The top-level domains with the most malicious content happened to be “.co, .us and .eu.” Naturally, .gov was among the safest domains, along with .de. Meanwhile, there are also a number of popular names that researchers found to be associated with phishing campaigns.

For the sneaker-head coders out there: when associated with sneakers, popular names like Kobe, Jordans, Jordan or Lebron were among the names associated with phishing campaigns.

Brand names like Ray-Ban, Oakley, Nike, Vuitton, Hollister, Timberland, Tiffany and Ugg raised red flags as well. Shopping, financing, medical needs, sportswear and adult-geared website terms all have quite a list of widely used search terms that are used in phishing campaigns, according to Wang and Shirley.

In essence, the most popular terms are becoming targets for phishing campaigns, making it quite difficult for the mobile online community to figure out what sites are safe to visit on their mobile devices.

“Given the growing popularity of social media and blogs, as well as the ubiquitousness of smartphones, it is of great interest for users and cellular network providers to be able to proactively identify malicious domains,” conclude Wang and Shirley.

“We find that word segmentation applied to domain names adds substantial predictive power to a logistic regression model that classifies domain names based on their lexical features. In our experiments on real-world data, models that used word segmentation decreased relative misclassification rates and increased relative AUC rates by roughly 10% compared to similar models that didn’t use word segmentation.”
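A sketch of the approach the study describes, segmenting a domain name into words and scoring it with a logistic model; this is an added example, not code from AT&T's paper. The filler vocabulary, the dictionary-based segmenter and the weights are assumptions chosen for illustration; only the flagged names and the TLDs come from the article.

```python
import math

# Names and brands the article reports in phishing-associated domains.
FLAGGED = {"kobe", "jordan", "jordans", "lebron", "rayban", "oakley", "nike",
           "vuitton", "hollister", "timberland", "tiffany", "ugg"}
# Constructed filler vocabulary so the segmenter can explain the rest of a label.
VOCAB = FLAGGED | {"cheap", "outlet", "shoes", "sale", "store", "online",
                   "sunglasses", "city", "library", "weather", "news"}
RISKY_TLDS = {"co", "us", "eu"}  # TLDs the article names as most malicious
# Hypothetical weights for illustration; not fitted values from the study.
WEIGHTS = {"bias": -2.0, "flagged_words": 2.5, "risky_tld": 0.8,
           "unmatched_chars": 0.1}
MAX_WORD = max(map(len, VOCAB))

def segment(label):
    """Split label into vocabulary words by dynamic programming, preferring
    the fewest unmatched characters, then the fewest tokens."""
    best = [(0, [])]  # best[i] = (unmatched chars, tokens) for label[:i]
    for i in range(1, len(label) + 1):
        skipped, tokens = best[i - 1]
        cands = [(skipped + 1, tokens + [label[i - 1]])]  # leave one char unmatched
        for j in range(max(0, i - MAX_WORD), i):
            if label[j:i] in VOCAB:
                cands.append((best[j][0], best[j][1] + [label[j:i]]))
        best.append(min(cands, key=lambda c: (c[0], len(c[1]))))
    return best[-1]

def features(domain):
    """Return (feature dict, segmented words) for a domain name."""
    *labels, tld = domain.lower().split(".")
    words, unmatched = [], 0
    for part in "-".join(labels).split("-"):
        skipped, tokens = segment(part)
        unmatched += skipped
        words += tokens
    return {"bias": 1,
            "flagged_words": sum(w in FLAGGED for w in words),
            "risky_tld": int(tld in RISKY_TLDS),
            "unmatched_chars": unmatched}, words

def score(domain):
    """Logistic-regression probability that the domain is malicious."""
    feats, _ = features(domain)
    z = sum(WEIGHTS[k] * v for k, v in feats.items())
    return 1 / (1 + math.exp(-z))
```

A whole-label lookup never sees "jordan" inside a label such as `cheapjordanshoes`; the segmenter recovers it, which is the extra signal the quoted result attributes to word segmentation.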

In a 2014 Kaspersky Security Bulletin, the company reported 295,539 new malicious mobile programs. The dangers of mobile browsing are growing every year, so you might want to think twice when developing your domains.