A Design for an Anti-spear-phishing System Aycock
نویسنده
چکیده
Phishing is a widespread and effective computer-mediated social attack. Phishers have proven highly adaptable in terms of exploiting new communications channels – witness ‘vishing’ and ‘SMiShing’ – and are becoming increasingly sophisticated. At the same time, research has shown that current anti-phishing measures are less than adequate. One concern in terms of malicious software is targeted attacks; the phishing equivalent is ‘spear phishing’, where a phishing attack is directed at a specific organization or even individuals. Spear phishing may present users with some difficult decisions regarding the authenticity of messages. We propose a design for an anti-spear-phishing system to help users in this regard, which will take advantage of the characteristics of spear phishing to detect such targeted attacks. The system we propose would work at two levels: a global level and an institutional level. We conjecture that taking these indicators together will yield an effective defence against spear phishing.
منابع مشابه
Defending against Spear Phishing: Motivating Users through Fear appeal Manipulations
Phishing is a pervasive form of online fraud that causes billions in losses annually. Spear phishing is a highly targeted and successful type of phishing that uses socially engineered emails to defraud most of its recipients. Unfortunately, anti-phishing training campaigns struggle with effectively fighting this threat— partially because users see security as a secondary priority, and partially...
متن کاملFusing system design and social science to reduce susceptibility to online influence
Spear phishing and other forms of online scams are having an increasing impact on society. This paper overviews our current work exploring individual differences in susceptibility to malicious influence online from a social science perspective and asks how fusion with adaptive and collaborative system approaches could be harnessed to reduce differential susceptibility across individuals via sys...
متن کاملImprovement Of Email Threats Detection By User Training
With the generalization of mobile communication systems, solicitations of all kinds in the form of messages and emails are received by users with increasing proportion of malicious ones. They are customized to pass anti-spam filters and ask the person to click or to open the joined dangerous attachment. Current filters are very inefficient against spear phishing emails. It is proposed to improv...
متن کاملBreaching the Human Firewall: Social engineering in Phishing and Spear-Phishing Emails
We examined the influence of three social engineering strategies on users’ judgments of how safe it is to click on a link in an email. The three strategies examined were authority, scarcity and social proof, and the emails were either genuine, phishing or spear-phishing. Of the three strategies, the use of authority was the most effective strategy in convincing users that a link in an email was...
متن کاملTesting PhishGuru in the Real World
In real world testing of PhishGuru, an embedded training system that teaches people how to protect themselves from phishing attacks, we found (a) PhishGuru is effective in training people in the real world; (b) users retained knowledge when trained with PhishGuru in the real world; (c) a large percentage of people who clicked on links in simulated emails proceeded to give some form of personal ...
متن کامل