Breaching the Human Firewall: Social engineering in Phishing and Spear-Phishing Emails
Authors
Abstract
We examined the influence of three social engineering strategies on users’ judgments of how safe it is to click on a link in an email. The three strategies examined were authority, scarcity and social proof, and the emails were either genuine, phishing or spear-phishing. Of the three strategies, the use of authority was the most effective strategy in convincing users that a link in an email was safe. When detecting phishing and spear-phishing emails, users performed the worst when the emails used the authority principle and performed best when social proof was present. Overall, users struggled to distinguish between genuine and spear-phishing emails. Finally, users who were less impulsive in making decisions generally were less likely to judge a link as safe in the fraudulent emails. Implications for education and training are discussed.
Similar resources
Understanding susceptibility to phishing emails: Assessing the impact of individual differences and culture
In a lab-based empirical study, we examined how individual differences and an aspect of national culture impacted on participants’ responses to phishing and spear-phishing emails. Results showed that the strongest predictor of the participants’ ability to detect these malicious emails was cultural orientation towards the needs of the individual rather than the needs of society. For both types o...
An interdisciplinary study of phishing and spear-phishing attacks
In a world where spear-phishing is one of the most common attacks used to steal confidential data, it is necessary to instruct technical and non-technical users about new mechanisms attackers can use to generate these attacks. We want to focus on phishing attacks, where a social engineer communicates a deceitful message to their victims in order to obtain some confidential information, because ...
Artificial Immune System Based Classification Approach for Detecting Phishing Mails
Phishing/Spam is an attack that deals with social engineering methodology to illegally acquire and use someone else’s data on behalf of legitimate website for own benefits. Phishing emails are messages designed to fool the recipient into handing over personal information, such as login names, passwords, credit card numbers, account credentials, social security numbers etc. Fraudulent emails har...
Phishing Attacks in a Mobile Environment
There is no agreed upon definition for Phishing. Although the medium of attack may vary, the goal is to steal confidential information from an individual. Classical Phishing attacks via mass mailing have a low return of investment rate. Generally, one mass mailing of 100,000 emails may collect between 10 to 100 victims. On the contrary, Phishing scams targeted to a specific group of people in ...
Testing PhishGuru in the Real World
In real world testing of PhishGuru, an embedded training system that teaches people how to protect themselves from phishing attacks, we found (a) PhishGuru is effective in training people in the real world; (b) users retained knowledge when trained with PhishGuru in the real world; (c) a large percentage of people who clicked on links in simulated emails proceeded to give some form of personal ...
Journal title: CoRR
Volume: abs/1606.00887
Pages: -
Publication date: 2016