[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-56179-en":3,"doc-seo-56179-105":29,"detail-sidebar-cat-0-en-105":91},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},56179,3848291630094,"Emma Wilson","https://eur-avatar.wpscdn.com/davatar_085a072bc5b1113ac321206ff7593b45",8,"Research & Report","Constructs of Deceit Exploring Nuances in Modern Social Engineering Attacks","Social engineering attacks keep expanding despite growing defense efforts, with fraudulent websites and phishing pages becoming increasingly common across academia and industry. The study evaluates website development and deployment features used for years in supervised detection, asking whether these indicators remain effective at scale in an adversarial cat-and-mouse setting. Results challenge deployment-based signals such as infrastructure providers and certificate issuers, and they analyze development-side artifacts to strengthen detection pipelines using 9.5 TB of collected data.","Constructs of Deceit: Exploring Nuances in Modern Social Engineering Attacks  \nMohammad Ali Tofighi, Behzad Ousat, Javad Zandi, Esteban Schafir, and  \nAmin Kharraz  \nFlorida International University, USA  \nAbstract. Despite the increasing effort in the defense community in developing robust security solutions, social engineering attacks are getting more prevalent every year. Detecting fraudulent websites has been a concurrent task of both academia and industry in combating this typeof attack. A common approach is to use supervised methods and labeled data to locate suspicious cases. In this paper, we evaluate a set of more common features related to the development and deployment aspects of websites that have been widely used in detecting scam and phishing websites over the years. As threat actors and the defense community are in a cat-and-mouse game, we aim to investigate whether such features are still prevalent or how to move forward in determining signs of malice when looking at the problem space at scale. Our study challenges the efficacy of deployment-based features, such as infrastructure providers or certificate issuers, in detecting fraudulent websites. Additionally, we perform an empirical analysis of the development aspects of websites that can be utilized in the detection pipeline.  \n1 Introduction  \nSocial engineering attacks persist as a significant security threat. The impact of these attacks is often deep and consequential. Modern social engineering attacks have evolved to deliver different classes of malicious code while collecting extensive financial and personal information [1–5] . Moreover, these attacks result in significant collateral damage by harming the reputation and necessitating substantial effort to mitigate abuse. Over the years the security defense community has developed various methods and tools to fight against social engineering attacks [6–10] . The core insight in a large number of prior works is that the majority of adversaries behind social engineering attacks are cost sensitive. That is, adversaries aim to minimize their costs to develop and distribute their social engineering web attacks. This observation has been translated into several detection heuristics on the defense side. For instance, prior work incorporated features that extracted the type of domain name or the network address to which they were resolved based on the intuition that adversaries are more likely cheaper domain names or network addresses or that they would use free services such as Let’s Encrypt [11] more frequently to develop realistic websites.  \nGiven that adversaries are continuously adapting their techniques to evade detection, a research question that arises is to what degree these features are still  \n2 M.A. Tofighi, B. Ousat, J. Zandi, E. Schafir, A. Kharraz  \nrelevant in today’s threat landscape. This paper aims to revisit the corresponding insights, aiming to answer what measures are still effective and can be insightful, and what measures are losing their effectiveness in this evolving landscape. Our work is guided by three primary research questions. First, we aim to investigate what has changed in network infrastructure to host fraudulent websites and if there still exists any distinguishing patterns in the usage of network addresses. Second, we investigate how premium certificate services, as a key component of the deployment mechanism, are being used in fraudulent website development. Lastly, we evaluate the adoption of software development techniques in the design and development of fraudulent websites and how they can be translated into defense mechanisms. To answer these questions, we partnered with a well-known security company and received daily access to their URL seeds for six months – from August 2022 to February 2023 . We crawled these websites using an instrumented browser, collecting development and deployment-related information when visiting these websites. In the following, we describe t","cbCaikCGBJZacaF3","https://ap.wps.com/l/cbCaikCGBJZacaF3","pdf",1846821,1,20,"English","en",105,"# Introduction\n## Research questions and methodology\n## Findings on infrastructure diversity\n## Findings on certificate services\n## Findings on web technology usage","[{\"question\":\"What problem does the paper address in defending against social engineering attacks?\",\"answer\":\"It addresses the increasing prevalence of social engineering attacks delivered through fraudulent websites and phishing, and how to detect them effectively using features derived from website infrastructure and development signals.\"},{\"question\":\"What key research questions guide the work?\",\"answer\":\"The paper asks how network infrastructure usage patterns differ for fraudulent websites, how premium certificate services are used in the deployment mechanism, and how software development techniques in fraudulent sites can inform defense.\"},{\"question\":\"What does the study conclude about deployment-based detection features?\",\"answer\":\"It challenges the efficacy of deployment-based features such as infrastructure providers and certificate issuers, showing that these signals do not retain sufficient discriminatory power as threats evolve.\"}]",1783718164,50,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":86,"head_meta":88,"extra_data":90,"updated_unix":27},"constructs-of-deceit-exploring-nuances-in-modern-social-engineering-attacks","",{"@graph":35,"@context":85},[36,53,68],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/research-report/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/constructs-of-deceit-exploring-nuances-in-modern-social-engineering-attacks/56179/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":62,"encodingFormat":60,"isAccessibleForFree":63,"interactionStatistic":64},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-17","2026-07-10",true,{"@type":65,"interactionType":66,"userInteractionCount":20},"InteractionCounter",{"@type":67},"ViewAction",{"@type":69,"mainEntity":70},"FAQPage",[71,77,81],{"name":72,"@type":73,"acceptedAnswer":74},"What problem does the paper address in defending against social engineering attacks?","Question",{"text":75,"@type":76},"It addresses the increasing prevalence of social engineering attacks delivered through fraudulent websites and phishing, and how to detect them effectively using features derived from website infrastructure and development signals.","Answer",{"name":78,"@type":73,"acceptedAnswer":79},"What key research questions guide the work?",{"text":80,"@type":76},"The paper asks how network infrastructure usage patterns differ for fraudulent websites, how premium certificate services are used in the deployment mechanism, and how software development techniques in fraudulent sites can inform defense.",{"name":82,"@type":73,"acceptedAnswer":83},"What does the study conclude about deployment-based detection features?",{"text":84,"@type":76},"It challenges the efficacy of deployment-based features such as infrastructure providers and certificate issuers, showing that these signals do not retain sufficient discriminatory power as threats evolve.","https://schema.org",{"og:url":51,"og:type":87,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":89,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":92},[93,97,101,105,110,114,119,122,126,129,133],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":94,"show_sort_weight":95,"slug":96},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":98,"show_sort_weight":99,"slug":100},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":102,"show_sort_weight":103,"slug":104},"Exam",70,"exam",{"id":106,"doc_module":4,"doc_module_name":45,"category_name":107,"show_sort_weight":108,"slug":109},5,"Comic",60,"comic",{"id":111,"doc_module":4,"doc_module_name":45,"category_name":112,"show_sort_weight":28,"slug":113},6,"Technology","technology",{"id":115,"doc_module":4,"doc_module_name":45,"category_name":116,"show_sort_weight":117,"slug":118},7,"Healthcare",40,"healthcare",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":120,"slug":121},30,"research-report",{"id":123,"doc_module":4,"doc_module_name":45,"category_name":124,"show_sort_weight":21,"slug":125},9,"Religion & Spirituality","religion-spirituality",{"id":21,"doc_module":4,"doc_module_name":45,"category_name":127,"show_sort_weight":21,"slug":128},"World Cup","world-cup",{"id":130,"doc_module":4,"doc_module_name":45,"category_name":131,"show_sort_weight":130,"slug":132},10,"Lifestyle","lifestyle",{"id":134,"doc_module":4,"doc_module_name":45,"category_name":135,"show_sort_weight":106,"slug":136},19,"General","general"]