Going Spear Phishing: Exploring Embedded Training and Awareness

Caputo, Deanna D.; Pfleeger, Shari Lawrence; Freeman, Jesse D.; Johnson, M. Eric

doi:10.1109/msp.2013.106

Cited by 191 publications

(147 citation statements)

References 4 publications

Supporting

Mentioning

129

Contrasting

Order By: Relevance

“…There are only a few studies in the literature using embedded, simulated phishing in the user's normal computing environment during their normal work day: [4], [8], [16], and [17]. These studies were set in the real world using operationally-situated study settings, but were focused on investigating training materials and click rates, not on participant click-decision factors.…”

Section: A Background Researchmentioning

confidence: 99%

“…These studies were set in the real world using operationally-situated study settings, but were focused on investigating training materials and click rates, not on participant click-decision factors. The studies described in [4] and [16] primarily looked at the efficacy of embedded awareness training. Those reported in [8] and [17] focused on the startling number of users who clicked in their respective operational environments.…”

Section: A Background Researchmentioning

confidence: 99%

“…The workplace-situated study reported in [4] is the most similar study to our work of those cited, although the focus of that study was to examine the effect of training materials on click decisions rather than other factors surrounding these decisions. Caputo et al describe three phishing training exercises over the course of eight months.…”

Section: A Background Researchmentioning

confidence: 99%

See 2 more Smart Citations

User Context: An Explanatory Variable in Phishing Susceptibility

Greene¹,

Steves²,

Theofanos³

et al. 2018

Proceedings 2018 Workshop on Usable Security

View full text Add to dashboard Cite

Abstract-Extensive research has been performed to examine the effectiveness of phishing defenses, but much of this research was performed in laboratory settings. In contrast, this work presents 4.5 years of workplace-situated, embedded phishing email training exercise data, focusing on the last three phishing exercises with participant feedback. The sample was an operating unit consisting of approximately 70 staff members within a U.S. government research institution. A multiple methods assessment approach revealed that the individual's work context is the lens through which email cues are interpreted. Not only do clickers and non-clickers attend to different cues, they interpret the same cues differently depending on the alignment of the user's work context and the premise of the phishing email. Clickers were concerned over consequences arising from not clicking, such as failing to be responsive. In contrast, non-clickers were concerned with consequences from clicking, such as downloading malware. This finding firmly identifies the alignment of user context and the phishing attack premise as a significant explanatory factor in phishing susceptibility. We present additional findings that have actionable operational security implications. The long-term, embedded and ecologically valid conditions surrounding these phishing exercises provided the crucial elements necessary for these findings to surface and be confirmed.

show abstract

Section: A Background Researchmentioning

confidence: 99%

Section: A Background Researchmentioning

confidence: 99%

Section: A Background Researchmentioning

confidence: 99%

See 1 more Smart Citation

User Context: An Explanatory Variable in Phishing Susceptibility

Greene¹,

Steves²,

Theofanos³

et al. 2018

Proceedings 2018 Workshop on Usable Security

View full text Add to dashboard Cite

show abstract

“…This work focuses on context aware attacks and introduces a strategy for educating users by combining phishing IQ tests and class discussions. However not all potential victims have the advantage of formal classroom training and simply presenting the information in an email or a webpage is of limited effectiveness [14] To explore the effectiveness of embedded training, researchers conducted a large-scale experiment that tracked workers' reactions to a series of carefully crafted spear phishing emails and a variety of immediate training and awareness activities [15]. Based on behavioral science findings, the experiment included four different training conditions, each of which used a different type of message framing.…”

Section: Human Detectionmentioning

confidence: 99%

Phishing Attacks and Defenses

Chaudhry¹,

Chaudhry²,

Rittenhouse³

2016

IJSIA

View full text Add to dashboard Cite

show abstract

“…All the related works [6][7][8][9][10][11][12][13][14] show the effect of phishing and the need to counterattack this security threat. In fact, detecting phishing websites through visual similarity works well in general.…”

Section: Related Workmentioning

confidence: 99%

A mobile sensing method to counteract social media website impersonation

ElMassry

Almogren

2016

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

Phishing is a serious threat to online users, especially since attackers have tremendously improved their techniques in impersonating important websites. With websites looking visually the same, users are fooled more easily. Visual similarity algorithms may help to detect and counteract some phished websites. Through similarity algorithms, the phishers play with the colors and visual properties of the website in a way that cannot be noticed by the users. However, the phishers make the unnoticed changes to fool the similarity algorithms as well. In this article, we propose an efficient phishing website detection algorithm using three-step checking. The performance results are compared to the state-of-the-art approaches that show new kinds of phishing warnings with better outcomes and less false positives. Our approach provides similar accuracy to the blacklisting methods with the advantage that it can easily classify the phishing websites with less overhead and without being victimized.

show abstract

Going Spear Phishing: Exploring Embedded Training and Awareness

Cited by 191 publications

References 4 publications

User Context: An Explanatory Variable in Phishing Susceptibility

User Context: An Explanatory Variable in Phishing Susceptibility

Phishing Attacks and Defenses

A mobile sensing method to counteract social media website impersonation

Contact Info

Product

Resources

About