“It may take ages”: Understanding Human-Centred Lateral Phishing Attack Detection in Organisations

Abstract: Lateral phishing attacks can be devastating for users and organisational IT teams as these originate from legitimate, but compromised, email accounts that benefit from the implicit trust between sender and recipients. In this paper, we begin to explore the human-centred space of lateral phishing attacks through interviews with 5 security practitioners and 17 employees from the UK and India. We report how security practitioners predominantly rely on employees to alert them to compromised accounts, and how this … Show more