Phishing

  • Article type: Journal Article
    The advent of Internet technologies has resulted in the proliferation of electronic trading and the use of the Internet for electronic transactions, leading to a rise in unauthorized access to sensitive user information and the depletion of resources for enterprises. As a consequence, there has been a marked increase in phishing, which is now considered one of the most common types of online theft. Phishing attacks are typically directed towards obtaining confidential information, such as login credentials for online banking platforms and sensitive systems. The primary objective of such attacks is to acquire specific personal information to either use for financial gain or commit identity theft. Recent studies have been conducted to combat phishing attacks by examining domain characteristics such as website addresses, content on websites, and combinations of both approaches for the website and its source code. However, businesses require more effective anti-phishing technologies to identify phishing URLs and safeguard their users. The present research aims to evaluate the effectiveness of eight machine learning (ML) and deep learning (DL) algorithms, including support vector machine (SVM), k-nearest neighbors (KNN), random forest (RF), Decision Tree (DT), Extreme Gradient Boosting (XGBoost), logistic regression (LR), convolutional neural network (CNN), and DL model and assess their performances in identifying phishing. This study utilizes two real datasets, Mendeley and UCI, employing performance metrics such as accuracy, precision, recall, false positive rate (FPR), and F-1 score. Notably, CNN exhibits superior accuracy, emphasizing its efficacy. Contributions include using purpose-specific datasets, meticulous feature engineering, introducing SMOTE for class imbalance, incorporating the novel CNN model, and rigorous hyperparameter tuning. The study demonstrates consistent model performance across both datasets, highlighting stability and reliability.

  • Article type: Journal Article
    OBJECTIVE: Radiology faculty across various specialties have been reported to receive an average of 20.7 invitations to submit manuscripts to bogus journals and 4.1 invitations to speak at unsuitable events over a two-week span. Radiology trainees also receive a fair number of unsolicited invitations from unknown senders to submit manuscripts and speak at meetings. Trainees can be more vulnerable to predatory invitations due to potential naivety. We aimed to determine the prevalence of these spam invitations received by radiology trainees.
    METHODS: The designed survey for evaluating the experience of radiology trainees regarding phishing scams of predatory publications and conferences was sent to radiology residency and neuroradiology fellowship program leadership to redistribute amongst their trainees, and was advertised on social media platforms. The survey was first sent out on September 28, 2023, and was closed two weeks later October 12, 2023. Spearman's correlation, univariable and multivariable linear regression analyses were performed.
    RESULTS: Our study included 151 respondents who completed the survey. Of the survey respondents, 53 % reported receiving unsolicited emails from predatory publications (mean = 6.76 ± 7.29), and 32 % reported receiving emails from fraudulent conferences (mean = 5.61 ± 5.77). Significant positive correlation was observed between number of unsolicited email invitations with number of PubMed indexed publications, number as corresponding author, number in open access journals and number of abstract presentations.
    CONCLUSIONS: Trainees in radiology receive many unsolicited invitations to publish papers as well as to present at meetings that are not accredited. This could lead to wasted time and financial resources for unsuspecting trainees.

  • Article type: Journal Article
    This study investigated the roles of phishing knowledge, cue utilization, and decision styles in contributing to phishing email detection. Participants (N = 145) completed an online email sorting task, and measures of phishing knowledge, email decision styles, cue utilization, and email security awareness. Cue utilization was the only factor that uniquely predicted the capacity to discriminate phishing from genuine emails. Phishing knowledge was associated with greater phishing detection and a bias towards classifying all emails as phishing. A preference for intuitive decision making predicted lower detection of phishing emails, driven by a greater tendency to classify emails as genuine. These findings support the proposition that cue utilization is a distinct cognitive process that enables expert performance. The outcomes indicate that, in addition to increasing phishing knowledge and developing safe behavioral patterns, anti-phishing training needs to provide opportunities for trainees to develop meaningful cue associations.

  • Article type: Journal Article
    While the second wave of the Covid-19 pandemic is keeping the world on tenterhooks, the last few months have also led to a new wave of cybercrime. The following article analyzes the background and manifestations of pandemic-related cybercrimes and shows how our criminal law systems are able to deal with current challenges in the age of the coronavirus.

  • Article type: Journal Article
    Malicious uniform resource locators (URLs) are prevalent in cyberattacks, particularly in phishing attempts aimed at stealing sensitive information or distributing malware. Therefore, it is of paramount importance to accurately detect malicious URLs. Prior research has explored the use of deep-learning models to identify malicious URLs, using the segmentation of URL strings into character-level or word-level tokens, and embedding and employing trained models to differentiate between URLs. In this study, a bidirectional encoder representation from a transformers-based (BERT) model was devised to tokenize URL strings, employing its self-attention mechanism to enhance the understanding of correlations among tokens. Subsequently, a classifier was employed to determine whether a given URL was malicious. In evaluating the proposed methods, three different types of public datasets were utilized: a dataset consisting solely of URL strings from Kaggle, a dataset containing only URL features from GitHub, and a dataset including both types of data from the University of New Brunswick, namely, ISCX 2016. The proposed system achieved accuracy rates of 98.78%, 96.71%, and 99.98% on the three datasets, respectively. Additionally, experiments were conducted on two datasets from different domains-the Internet of Things (IoT) and Domain Name System over HTTPS (DoH)-to demonstrate the versatility of the proposed model.

  • Article type: Journal Article
    Cybersecurity has seen an increasing frequency and impact of cyberattacks and exposure of Protected Health Information (PHI). The uptake of an Electronic Medical Record (EMR), the exponential adoption of Internet of Things (IoT) devices, and the impact of the COVID-19 pandemic has increased the threat surface presented for cyberattack by the healthcare sector. Within healthcare generally and, more specifically, within anaesthesia and Intensive Care, there has been an explosion in wired and wireless devices used daily in the care of almost every patient-the Internet of Medical Things (IoMT); ventilators, anaesthetic machines, infusion pumps, pacing devices, organ support and a plethora of monitoring modalities. All of these devices, once connected to a hospital network, present another opportunity for a malevolent party to access the hospital systems, either to gain PHI for financial, political or other gain or to attack the systems directly to cause erroneous monitoring, altered settings of any device and even to access the EMR via this IoMT window. This exponential increase in the IoMT and the increasing wireless connectivity of anaesthesia and ICU devices as well as implantable devices presents a real and present danger to patient safety. There has, at the same time, been a chronic underfunding of cybersecurity in healthcare. This lack of cybersecurity investment has left the sector exposed, and with the monetisation of PHI, the introduction of technically unsecure IoT devices for monitoring and direct patient care, the healthcare sector is presenting itself for further devastating cyberattacks or breaches of PHI. Coupled with the immense strain that the COVID-19 pandemic has placed on healthcare and the changes in working patterns of many caregivers, this has further amplified the exposure of the sector to cyberattacks.

  • Article type: Journal Article
    To design preventive policy measures for email phishing, it is helpful to be aware of the phishing schemes and trends that are currently applied. How phishing schemes and patterns emerge and adapt is an ongoing field of study. Existing phishing works already reveal a rich set of phishing schemes, patterns, and trends that provide insight into the mechanisms used. However, there seems to be limited knowledge about how email phishing is affected in periods of social disturbance, such as COVID-19 in which phishing numbers have quadrupled. Therefore, we investigate how the COVID-19 pandemic influences the phishing emails sent during the first year of the pandemic. The email content (header data and html body, excl. attachments) is evaluated to assess how the pandemic influences the topics of phishing emails over time (peaks and trends), whether email campaigns correlate with momentous events and trends of the COVID-19 pandemic, and what hidden content revealed. This is studied through an in-depth analysis of the body of 500.000 phishing emails addressed to Dutch registered top-level domains collected during the start of the pandemic. The study reveals that most COVID-19 related phishing emails follow known patterns indicating that perpetrators are more likely to adapt than to reinvent their schemes.

  • Article type: Journal Article
    The post-attendee Uniform Resource Locator (URL) feature within the video conferencing application known as Zoom is often overlooked by digital forensic experts as a potential risk for malware transmission. However, with the ability to redirect webinar participants to any URL set by the host for the webinar, the post-attendee URL can be abused by bad actors to expose webinar participants to malicious websites or, in the worst-case scenario, force participants to download a file through the use of a direct download link URL. This study aims to showcase how this exploit can be replicated by creating an experimental environment involving four Windows 10 desktops running Zoom version 5.7.5 and creating a webinar with four user accounts acting as webinar participants and setting the post-attendee URL value to the URL of a website that contained a keylogger. In another trial, the same experimental environment was utilized, with the only difference being the post-attendee URL that was set to redirect webinar participants to a download link for a .jpg file. In both instances, every user account that joined the webinar via clicking on the invitation link that was emailed to each user account after registering for the webinar was redirected to the post-attendee URL regardless of their user account role. These results not only prove that the post-attendee URL can be exploited, but also provide insight as to how this type of attack can be prevented.

  • Article type: Journal Article
    In today's email dependent world, cyber criminals often target organizations using a variety of social engineering techniques and specially crafted malicious emails. When successful, such attacks can result in significant harm to physical and digital systems and assets, the leakage of sensitive information, reputation damage, and financial loss. Despite the plethora of studies on the detection of phishing attacks and malicious links in emails, there are no solutions capable of effectively, quickly, and accurately coping with more complex email-based attacks, such as malicious email attachments. This paper presents the first fully automated malicious email detection framework using deep ensemble learning to analyze all email segments (body, header, and attachments); this eliminates the need for human expert intervention for feature engineering. In this paper, we also demonstrate how an ensemble framework of deep learning classifiers each of which are trained on specific portions of an email (thereby independently utilizing the entire email) can generalize better than popular email analysis methods that analyze just a specific portion of the email for analysis. The proposed framework is evaluated comprehensively and with an AUC of 0.993, the proposed framework's results surpass state-of-the-art malicious email detection methods, including human expert feature-based machine learning models by a TPR of 5%.

  • Article type: Journal Article
    This study was designed to examine the roles of cue utilization, phishing features and time pressure in the detection of phishing emails. During two experiments, participants completed an email sorting task containing both phishing and genuine emails. Participants were allocated to either a high or low time pressure condition. Performance was assessed via detection sensitivity and response bias. Participants were classified with either higher or lower cue utilization and completed a measure of phishing knowledge. When participants were blind to the nature of the study (N = 191), participants with higher cue utilization were better able to discriminate phishing from genuine emails. However, they also recorded a stronger bias towards classifying emails as phishing, compared to participants with lower cue utilization. When notified of phishing base rates prior to the email sorting task (N = 191), participants with higher cue utilization were better able to discriminate phishing from genuine emails without recording an increase in rate of false alarms, compared to participants with lower cue utilization. Sensitivity increased with a reduction in time pressure, while response bias was influenced by the number of phishing-related features in each email. The outcomes support the proposition that cue-based processing of critical features is associated with an increase in the capacity of individuals to discriminate phishing from genuine emails, above and beyond phishing-related knowledge. From an applied perspective, these outcomes suggest that cue-based training may be beneficial for improving detection of phishing emails.