Abstract
Phishing attacks are one of the most common and damaging threats to cybersecurity, and consist of targeting an individual with an email to lure them into revealing personal information. Past studies focused on identifying phishing attacks based on the contents of emails. The nature of phishing attacks have evolved in complexity, as both attackers and those trying to defend from attacks have increasingly sophisticated methods. This project aims to identify network-level characteristics of phishing attacks, an area that we hypothesize will be harder for attackers to evolve their characteristics and may be more robust for detection. Through analysis of email headers, we are able to characterize where phishing attacks are coming from and temporal patterns of phishing behavior. With our understanding of these behaviors, we hope to further the understanding of phishing behavior and implement a feature-based detection system that will improve current efforts.