Don’t Forget the Human: a Crowdsourced Approach to Automate Response and Containment Against Spear Phishing Attacks

Burda, Pavlo; Allodi, Luca; Zannone, Nicola

doi:10.1109/eurospw51379.2020.00069

Cited by 15 publications

(7 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One of the main contributions of this paper is that we demonstrate experimentally that crowdsourced phishing detection can be efficient and sustainable in large organizations. The idea of crowd-sourcing phishing detection to employees has been suggested in previous papers [25], [23]. Our contribution is that we are the first to evaluate this idea over a long period of time in the context of a real large organization.…”

Section: B Summary Of Main Findingsmentioning

confidence: 99%

“…Prior to our work, it was not known if employees as a crowdsourcing mechanism in a closed scenario, such as a corporation that manages reported phishing in-house, works effectively with acceptable operational workload. Few recent works also suggest this concept, but do not evaluate it [25], [61].…”

Section: # Of Dangerous Actionsmentioning

confidence: 99%

“…And fourth, we explore whether the employees can collectively help the organization in phishing prevention. Regarding this question, we focus on using the employees as a collective phishing detection sensor -an idea that has been previously suggested [25], [23], but prior to our work, its effectiveness and feasibility has not been publicly evaluated in a real large organization.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study

Lain

Kostiainen

Čapkun

2022

2022 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

In this paper, we present findings from a largescale and long-term phishing experiment that we conducted in collaboration with a partner company. Our experiment ran for 15 months during which time more than 14,000 study participants (employees of the company) received different simulated phishing emails in their normal working context. We also deployed a reporting button to the company's email client which allowed the participants to report suspicious emails they received. We measured click rates for phishing emails, dangerous actions such as submitting credentials, and reported suspicious emails.The results of our experiment provide three types of contributions. First, some of our findings support previous literature with improved ecological validity. One example of such results is good effectiveness of warnings on emails. Second, some of our results contradict prior literature and common industry practices. Surprisingly, we find that embedded training during simulated phishing exercises, as commonly deployed in the industry today, does not make employees more resilient to phishing, but instead it can have unexpected side effects that can make employees even more susceptible to phishing. And third, we report new findings. In particular, we are the first to demonstrate that using the employees as a collective phishing detection mechanism is practical in large organizations. Our results show that such crowd-sourcing allows fast detection of new phishing campaigns, the operational load for the organization is acceptable, and the employees remain active over long periods of time.

show abstract

Section: B Summary Of Main Findingsmentioning

confidence: 99%

Section: # Of Dangerous Actionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study

Lain

Kostiainen

Čapkun

2022

2022 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…User Studies of this literature review can viewed in the following papers: [4], [10], [13], [14], [16], [19], [23], [42]- [44]. Albladi & Weir [14] used the influence factors of users' proficiency in threat detection and developing susceptible user profiling.…”

Section: ) User Studiesmentioning

confidence: 99%

Social Engineering Attacks Prevention: A Systematic Literature Review

et al. 2022

View full text Add to dashboard Cite

Social engineering is an attack on information security for accessing systems or networks. Social engineering attacks occur when victims do not recognize methods, models, and frameworks to prevent them. The current research explains user studies, constructs, evaluation, concepts, frameworks, models, and methods to prevent social engineering attacks. Unfortunately, there is no specific previous research on preventing social engineering attacks that effectively and systematically analyze it. Current prevention methods, models, and frameworks of social engineering attacks include health campaigns, human as security sensor frameworks, user-centric frameworks, and user vulnerability models. The human as a security sensor framework needs guidance that will explore cybersecurity as super-recognizers, likely policing act for a secure system. This paper intends to critically and rigorously review prior literature on the prevention methods, models, and frameworks of social engineering attacks. We conducted a systematic literature review based on Bryman & Bell's literature review method. We found a new approach in addition to methods, frameworks, models and evaluations to prevent social engineering attacks based on our review, which is using a protocol. We found the protocol to effectively prevent social engineering attacks, such as health campaigns, the vulnerability of social engineering victims, and co-utile protocol, which can manage information sharing on a social network. We present this systematic literature review to recommend ways to prevent social engineering attacks.INDEX TERMS Social engineering attacks prevention, systematic literature review.

show abstract

“…Phishing is a form of cyberattack that aims at obtaining the victim's sensitive information and credentials (such as social security number and bank details) or execute malicious code by deceiving the user to perform specific actions such as clicking on the embedded links, downloading, or executing the attached files. Spear-phishing and whaling [1] are dangerous because they target a specific group of people and can result in a higher phishing success rate [2,3]. The most common form of phishing is to imitate a legitimate email's visual presentation and content to make users believe that it comes from a trusted source, thus deceiving the target into performing actions that attackers desire (usually clicking an embedded link) [4].…”

Section: Introductionmentioning

confidence: 99%

SoK: Human-Centered Phishing Susceptibility

Zhuo¹,

Biddle²,

Koh³

et al. 2022

Preprint

View full text Add to dashboard Cite

Phishing is recognised as a serious threat to organisations and individuals. While there have been significant technical advances in blocking phishing attacks, people remain the last line of defence after phishing emails reach their email client. Most of the existing literature on this subject has focused on the technical aspects related to phishing. However, the factors that cause humans to be susceptible to phishing attacks are still not well-understood. To fill this gap, we reviewed the available literature and we propose a three-stage Phishing Susceptibility Model (PSM) for explaining how humans are involved in phishing detection and prevention, and we systematically investigate the phishing susceptibility variables studied in the literature and taxonomize them using our model. This model reveals several research gaps that need to be addressed to improve users' detection performance. We also propose a practical impact assessment of the value of studying the phishing susceptibility variables, and quality of evidence criteria. These can serve as guidelines for future research to improve experiment design, result quality, and increase the reliability and generalizability of findings.

show abstract

Don’t Forget the Human: a Crowdsourced Approach to Automate Response and Containment Against Spear Phishing Attacks

Cited by 15 publications

References 19 publications

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study

Social Engineering Attacks Prevention: A Systematic Literature Review

SoK: Human-Centered Phishing Susceptibility

Contact Info

Product

Resources

About