Spear phishing in organisations explained

Bullee, Jan-Willem; Montoya, Lorena; Junger, Marianne; Hartel, Pieter H.

doi:10.1108/ics-03-2017-0009

Cited by 41 publications

(23 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A phishing email, for example, is unlikely to be effective if the message violates norms of the target's culture. We also consider the more specific case of organizational culture in the workplace because it is highly relevant to employee behavior as it applies to cyber security (Bullee et al, 2017 ). As with all of the other short-and long-term variables that we consider, culture is assumed to interact with the other variables, with particularly large interactions with age, gender, and perhaps personality.…”

Section: Overview Of Human Cognitionmentioning

confidence: 99%

“…Rocha Flores et al ( 2014 ) finds that there is no significant correlation between phishing resiliency and gender. Bullee et al ( 2017 ) finds that gender does not contribute to phishing message responses. Abbasi et al ( 2016 ) finds (i) women with a high self-efficacy have a low susceptibility to social engineering cyberattacks, and that women without awareness of the social engineering cyberattack threat have a high susceptibility to these attacks; and (ii) men with previous costly experiences with phishing attacks have a low susceptibility to these attacks, while overconfidence increases the susceptibility to these attacks.…”

Section: Victim Cognition Through the Lens Of Social Engineering Cmentioning

confidence: 99%

“…Purkait et al ( 2014 ) find that the detection of phishing messages decreases with the age and frequency of online transactions. Bullee et al ( 2017 ) find that age has no effect on spear-phishing responses and that Years of Service (YoS) is a better indicator of victimization (i.e., a greater YoS means less likely susceptible to social engineering cyberattacks). Gavett et al ( 2017 ) examine the effect of age on phishing susceptibility and showed that processing speed and planning executive functions affect phishing suspicion, hinting a relationship between phishing susceptibility and cognitive degradation from aging.…”

Section: Victim Cognition Through the Lens Of Social Engineering Cmentioning

confidence: 99%

See 2 more Smart Citations

Human Cognition Through the Lens of Social Engineering Cyberattacks

Montañez

Golob

2020

Front. Psychol.

View full text Add to dashboard Cite

Social engineering cyberattacks are a major threat because they often prelude sophisticated and devastating cyberattacks. Social engineering cyberattacks are a kind of psychological attack that exploits weaknesses in human cognitive functions. Adequate defense against social engineering cyberattacks requires a deeper understanding of what aspects of human cognition are exploited by these cyberattacks, why humans are susceptible to these cyberattacks, and how we can minimize or at least mitigate their damage. These questions have received some amount of attention, but the state-of-the-art understanding is superficial and scattered in the literature. In this paper, we review human cognition through the lens of social engineering cyberattacks. Then, we propose an extended framework of human cognitive functions to accommodate social engineering cyberattacks. We cast existing studies on various aspects of social engineering cyberattacks into the extended framework, while drawing a number of insights that represent the current understanding and shed light on future research directions. The extended framework might inspire future research endeavor toward a new sub-field that can be called Cybersecurity Cognitive Psychology , which tailors or adapts principles of Cognitive Psychology to the cybersecurity domain while embracing new notions and concepts that are unique to the cybersecurity domain.

show abstract

Section: Overview Of Human Cognitionmentioning

confidence: 99%

Section: Victim Cognition Through the Lens Of Social Engineering Cmentioning

confidence: 99%

Section: Victim Cognition Through the Lens Of Social Engineering Cmentioning

confidence: 99%

See 1 more Smart Citation

Human Cognition Through the Lens of Social Engineering Cyberattacks

Montañez

Golob

2020

Front. Psychol.

View full text Add to dashboard Cite

show abstract

“…The taxonomy comprised three main entities that have been argued to form every social engineering attack, the operator of the attack, the type of the attack, and the attack channel. The attack can be originated by either a person which reflected a limited number of victims such as spear phishing [6] or by a malicious software which usually targeted a considerable huge number of users such as the cross-site scripting attack in SN [7].…”

Section: Literature Reviewmentioning

confidence: 99%

A Semi-automated Security Advisory System to Resist Cyber-Attack in Social Networks

Albladi

Weir

2018

Computational Collective Intelligence

View full text Add to dashboard Cite

Social networking sites often witness various types of social engineering (SE) attacks. Yet, limited research has addressed the most severe types of social engineering in social networks (SNs). The present study investigates the extent to which people respond differently to different types of attack in a social network context and how we can segment users based on their vulnerability. In turn, this leads to the prospect of a personalised security advisory system. 316 participants have completed an online-questionnaire that includes a scenario-based experiment. The study result reveals that people respond to cyber-attacks differently based on their demographics. Furthermore, people's competence, social network experience, and their limited connections with strangers in social networks can decrease their likelihood of falling victim to some types of attacks more than others.

show abstract

“…Previous studies have only focused on users of similar or certain demographics: permanently residing in developed countries, certain age, certain socio-economic status etc., Refs. [11], [18], [19], [20]. Joinson et al posit that, in order to properly protect cybersecurity, it is important to integrate culture, behaviour and the design of security tools and policies [21].…”

Section: Introductionmentioning

confidence: 99%

A Demographic Perspective of Smartphone Security and Its Redesigned Notifications

Ndibwile

Luhanga

Fall

et al. 2019

Journal of Information Processing

View full text Add to dashboard Cite

Billions of smartphones, globally, are running out-of-date Operating Systems (OS) which make them vulnerable to cyberattacks. Behaviours of users in updating their OS vary between different geographic locations considering various demographic factors. For instance, developing countries have a very different stance compared to developed ones on how their users perceive device updates. To assert our claim, we first investigated security behaviours among different demographics in Japan and Tanzania. The results indicate that demographic factors such as culture, income, and geographic location highly impact behaviours of participants on OS updating. However, education and awareness do not seem to have significant impact on security behaviours. Consequently, insecure behaviours were equally exhibited among most participants regardless of their education levels or awareness. We also found that most participants do not update their application software on their smartphones despite being aware. Moreover, in the developing country settings, most participants tend to avoid certain security advice because they necessitate incurring data charges that take up a high percentage of their incomes. Then, we surveyed and evaluated the participants' preferences for different re-designed security notifications for improving update compliance. Finally, we propose color-coded fear-appeal designs for persuading users into updating their devices' application software.

show abstract

Spear phishing in organisations explained

Cited by 41 publications

References 57 publications

Human Cognition Through the Lens of Social Engineering Cyberattacks

Human Cognition Through the Lens of Social Engineering Cyberattacks

A Semi-automated Security Advisory System to Resist Cyber-Attack in Social Networks

A Demographic Perspective of Smartphone Security and Its Redesigned Notifications

Contact Info

Product

Resources

About