Markus Jakobsson | Qualcomm inc (original) (raw)
Uploads
Papers by Markus Jakobsson
Springer eBooks, 2020
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
John Wiley & Sons, Inc. eBooks, Jul 9, 2012
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
2017 APWG Symposium on Electronic Crime Research (eCrime), 2017
We demonstrate a vulnerability in existing content-based message filtering methods, showing how a... more We demonstrate a vulnerability in existing content-based message filtering methods, showing how an attacker can use a simple obfuscator to modify any message to a homograph version of the same message, thereby avoiding digest and signature based detection methods. We measure the success of this potential attack against Hotmail, Gmail and Yahoo mail. While the attack is bothersome both in terms of its simplicity and its success, it is also easily countered. We describe some computationally practical countermeasures.
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
IEEE Spectrum, 2016
SAY YOU RECEIVE an email saying, "We have kidnapped your child. To verify that we are tellin... more SAY YOU RECEIVE an email saying, "We have kidnapped your child. To verify that we are telling the truth, just call your child's cellphone. To get your child back, you need to send us $10,000 within one hour. We will send instructions in a separate email. Do not tell anybody–or else." · Chances are you'd pick up the phone and call your child. Imagine the chill along your spine when a stranger answers, "We have your child." · And yet this is such a simple scam. Attempting it requires just two things: your email address and the online account password associated with your child's phone number. With that information, a scammer can forward your calls to your child's phone number to his own prepaid phone. There's no need for him to have your child's phone, or even know what country you or your child are in.
Bookmarks Related papers MentionsView impact
Understanding Social Engineering Based Scams, 2016
In this chapter, we demonstrate a vulnerability in existing content-based message filtering metho... more In this chapter, we demonstrate a vulnerability in existing content-based message filtering methods, showing how an attacker can use a simple obfuscator to modify any message to a homograph version of the same message, thereby avoiding digest and signature based detection methods. We measure the success of this potential attack, showing a total success against Hotmail, Gmail and Yahoo mail. While the attack is bothersome both in terms of its simplicity and its success, it is also easily countered. We describe some computationally practical countermeasures.
Bookmarks Related papers MentionsView impact
Understanding Social Engineering Based Scams, 2016
This chapter identifies and analyzes trends in the terms and expressions used in the content of s... more This chapter identifies and analyzes trends in the terms and expressions used in the content of scam emails and associates those with the principles of human persuasion that they integrate. We discuss and compare both the terms and principles used over time within a sample of scam emails collected between 2006 and 2014. Our analyses shows that different scam email categories use various principles of persuasion and that it is possible to observe distinct trends in their usage. We argue that with a better understanding of how scammers work at a psychological level, one could devise new techniques to detect persuasion in scam emails and build tools that more closely emulate human interaction with those emails.
Bookmarks Related papers MentionsView impact
Understanding Social Engineering Based Scams, 2016
This short chapter focuses on targeting. Targeting increases the yield of attacks, i.e., the resp... more This short chapter focuses on targeting. Targeting increases the yield of attacks, i.e., the response rate. Targeting also reduces the efficacy of spam filters and related technologies, and as such, vastly improves the profits scammers reap. We overview how to estimate the yield of attacks, and how to identify scams that are likely to become more common.
Bookmarks Related papers MentionsView impact
Phishing and Countermeasures
Bookmarks Related papers MentionsView impact
Phishing and Countermeasures
Bookmarks Related papers MentionsView impact
Phishing and Countermeasures
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
Mobile Authentication: Problems and Solutions looks at human-to-machine authentication, with a ke... more Mobile Authentication: Problems and Solutions looks at human-to-machine authentication, with a keen focus on the mobile scenario. Human-to-machine authentication is a startlingly complex issue. In the old days of computer security-before 2000, the human component was all but disregarded. It was either assumed that people should and would be able to follow instructions, or that end users were hopeless and would always make mistakes. The truth, of course, is somewhere in between, which is exactly what makes this topic so enticing. We cannot make progress with human-to-machine authentication without understanding both humans and machines. Mobile security is not simply security ported to a handset. Handsets have different constraints than traditional computers, and are used in a different way. Text entry is more frustrating, and therefore, it is tempting to use shorter and less complex passwords. It is also harder to detect spoofing. We need to design with this in mind. We also need to determine how exactly to integrate biometric readers to reap the maximum benefits from them. This book addresses all of these issues, and more.
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
Springer eBooks, 2020
Bookmarks Related papers MentionsView impact
John Wiley & Sons, Inc. eBooks, Feb 15, 2007
Bookmarks Related papers MentionsView impact
Springer eBooks, 2020
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
John Wiley & Sons, Inc. eBooks, Jul 9, 2012
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
2017 APWG Symposium on Electronic Crime Research (eCrime), 2017
We demonstrate a vulnerability in existing content-based message filtering methods, showing how a... more We demonstrate a vulnerability in existing content-based message filtering methods, showing how an attacker can use a simple obfuscator to modify any message to a homograph version of the same message, thereby avoiding digest and signature based detection methods. We measure the success of this potential attack against Hotmail, Gmail and Yahoo mail. While the attack is bothersome both in terms of its simplicity and its success, it is also easily countered. We describe some computationally practical countermeasures.
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
IEEE Spectrum, 2016
SAY YOU RECEIVE an email saying, "We have kidnapped your child. To verify that we are tellin... more SAY YOU RECEIVE an email saying, "We have kidnapped your child. To verify that we are telling the truth, just call your child's cellphone. To get your child back, you need to send us $10,000 within one hour. We will send instructions in a separate email. Do not tell anybody–or else." · Chances are you'd pick up the phone and call your child. Imagine the chill along your spine when a stranger answers, "We have your child." · And yet this is such a simple scam. Attempting it requires just two things: your email address and the online account password associated with your child's phone number. With that information, a scammer can forward your calls to your child's phone number to his own prepaid phone. There's no need for him to have your child's phone, or even know what country you or your child are in.
Bookmarks Related papers MentionsView impact
Understanding Social Engineering Based Scams, 2016
In this chapter, we demonstrate a vulnerability in existing content-based message filtering metho... more In this chapter, we demonstrate a vulnerability in existing content-based message filtering methods, showing how an attacker can use a simple obfuscator to modify any message to a homograph version of the same message, thereby avoiding digest and signature based detection methods. We measure the success of this potential attack, showing a total success against Hotmail, Gmail and Yahoo mail. While the attack is bothersome both in terms of its simplicity and its success, it is also easily countered. We describe some computationally practical countermeasures.
Bookmarks Related papers MentionsView impact
Understanding Social Engineering Based Scams, 2016
This chapter identifies and analyzes trends in the terms and expressions used in the content of s... more This chapter identifies and analyzes trends in the terms and expressions used in the content of scam emails and associates those with the principles of human persuasion that they integrate. We discuss and compare both the terms and principles used over time within a sample of scam emails collected between 2006 and 2014. Our analyses shows that different scam email categories use various principles of persuasion and that it is possible to observe distinct trends in their usage. We argue that with a better understanding of how scammers work at a psychological level, one could devise new techniques to detect persuasion in scam emails and build tools that more closely emulate human interaction with those emails.
Bookmarks Related papers MentionsView impact
Understanding Social Engineering Based Scams, 2016
This short chapter focuses on targeting. Targeting increases the yield of attacks, i.e., the resp... more This short chapter focuses on targeting. Targeting increases the yield of attacks, i.e., the response rate. Targeting also reduces the efficacy of spam filters and related technologies, and as such, vastly improves the profits scammers reap. We overview how to estimate the yield of attacks, and how to identify scams that are likely to become more common.
Bookmarks Related papers MentionsView impact
Phishing and Countermeasures
Bookmarks Related papers MentionsView impact
Phishing and Countermeasures
Bookmarks Related papers MentionsView impact
Phishing and Countermeasures
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
Mobile Authentication: Problems and Solutions looks at human-to-machine authentication, with a ke... more Mobile Authentication: Problems and Solutions looks at human-to-machine authentication, with a keen focus on the mobile scenario. Human-to-machine authentication is a startlingly complex issue. In the old days of computer security-before 2000, the human component was all but disregarded. It was either assumed that people should and would be able to follow instructions, or that end users were hopeless and would always make mistakes. The truth, of course, is somewhere in between, which is exactly what makes this topic so enticing. We cannot make progress with human-to-machine authentication without understanding both humans and machines. Mobile security is not simply security ported to a handset. Handsets have different constraints than traditional computers, and are used in a different way. Text entry is more frustrating, and therefore, it is tempting to use shorter and less complex passwords. It is also harder to detect spoofing. We need to design with this in mind. We also need to determine how exactly to integrate biometric readers to reap the maximum benefits from them. This book addresses all of these issues, and more.
Bookmarks Related papers MentionsView impact
Bookmarks Related papers MentionsView impact
Springer eBooks, 2020
Bookmarks Related papers MentionsView impact
John Wiley & Sons, Inc. eBooks, Feb 15, 2007
Bookmarks Related papers MentionsView impact