Nowadays, many people are losing considerable wealth due to online scams. Phishing is one of the means that a scammer can use to deceitfully obtain the victim's personal identification, bank account information, or any other sensitive data. There are a number of anti-phishing techniques and tools in place, but unfortunately phishing still works. One of the reasons is that phishers usually use human behaviour to design and then utilise a new phishing technique. Therefore, identifying the psychological and sociological factors used by scammers could help us to tackle the very root causes of fraudulent phishing attacks. This paper recognises some of those factors and creates a cause-andeffect diagram to clearly present the categories and factors which make up the root causes of phishing scams. The illustrated diagram is extendable with additional phishing causes.
Prior studies have shown that the behaviours and attitudes of Internet users influence the likelihood of being victimised by phishing attacks. Many scammers design a step-by-step approach to phishing in order to gain the potential victim's trust and convince them to take the desired actions. It is important to understand which behaviours and attitudes can influence following the attacker in each step of a phishing scam. This will enable us to identify the root causes of phishing and to develop specific mitigation plans for each step of the phishing process and to increase prevention points. This study investigates to what extent people's risk-taking and decision-making styles influence the likelihood of phishing victimisation in three specific phishing steps. We asked participants to play a risk-taking game and to answer questions related to two psychological scales to measure their behaviours, and then conducted a simulated phishing campaign to assess their phishability throughout the three phishing steps selected. We find that the attitude to risk-taking and gender can predict users' phishability in the different steps selected. There are however other possible direct and indirect behavioural factors that could be investigated in future studies. The results of this study and the model developed can be used to build a comprehensive framework to prevent the success of phishing attempts, starting from their root causes.
Ensuring the security of cloud computing is one of the most critical challenges facing the cloud services sector. Dealing with data in a cloud environment, which uses shared resources, and providing reliable and secure cloud services, requires a robust encryption solution with no or low negative impact on performance. Thus, this study proposes an effective cryptography solution to improve security in cloud computing with a very low impact on performance. A complex cryptography algorithm is not helpful in cloud computing as computing speed is essential in this environment. Therefore, this solution uses an improved Blowfish algorithm in combination with an ellipticcurve-based algorithm. Blowfish will encrypt the data, and the elliptic curve algorithm will encrypt its key, which will increase security and performance. Moreover, a digital signature technique is used to ensure data integrity. The solution is evaluated, and the results show improvements in throughput, execution time, and memory consumption parameters.
Phishing is an online scam where criminals trick users with various strategies, with the goal of obtaining sensitive information or compromising accounts, systems, and/or other personal or organisational Information Technology resources. Multiple studies have shown that human factors influence the success of phishing attempts. However, these studies were conducted before the COVID-19 pandemic, which is significant because security reports show that the numbers of phishing attacks have been rapidly increasing since the start of COVID-19. This study investigates the extent to which users' fear, anxiety and stress levels regarding COVID-19, impact falling for common and COVID-19 themed phishing scams during the outbreak period. Prior studies have depicted the effects of human behaviour on phishing attacks before the pandemic, such as risk-taking preferences and users' demographic factors, hence this study also focuses on the effects of those factors on the likelihood of phishing victimisation. More concretely, we present the results of a scenario-based roleplay experiment to study the relationship between fear, anxiety, stress, risk-taking, and demographic factors and the success of phishing attacks during the pandemic. The findings indicate that fear of COVID-19 influences the success of COVID-19 specific themed phishing scams, while anxiety, stress, and risk-taking influences the success of both the COVID-19 themed and common phishing scams. Our findings also suggest that the users' education level impacts common phishing attacks during the pandemic.
Phishing is a social engineering scam that can cause financial and reputational damage to people and organisations. Studies have demonstrated the effects of human behaviour and emotions on people's security behaviour, such as falling into a phishing scam. Moreover, several studies show the effects of the COVID-19 outbreak on human emotions, impacting phishing attempts' success. In this study, we have developed a solution using previous studies' results to identify vulnerable users (i.e., those at risk of clicking on phishing links) in organisations. The solution assigns proper mitigation actions to those high-risk users. The system contains behaviour measurement, risk scoring, and mitigation modules that can mature and develop accuracy over time. Furthermore, situations similar to a pandemic are considered in the solution. The proposed solution will help organisations focus more on protecting high-risk users and reducing successful phishing attacks. This solution should be used in combination with technical anti-phishing and cybersecurity awareness training campaigns to achieve better results. CCS CONCEPTS• Security and privacy; • Human and societal aspects of security and privacy; • Intrusion/anomaly detection and malware mitigation; • Social engineering attacks; • Phishing; • Spoofing attacks;
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.