A Toolkit for Security Awareness Training Against Targeted Phishing

Simone Pirocca, Luca Allodi, Nicola Zannone

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review

1 Citation (Scopus)

Abstract

The attack landscape is evolving, and attackers are employing new techniques to launch increasingly targeted and sophisticated social engineering attacks that exploit human vulnerabilities. Many organizations provide their employees with security awareness training to counter and mitigate such threats. However, recent studies have shown that current embedded phishing training programs and tools are often ineffective or incapable of addressing modern, tailored social engineering attacks. This paper presents a toolkit for the deployment of sophisticated, tailored phishing campaigns at scale (e.g., to deploy specific training within an organization). We enable the use of highly customizable phishing email templates that can be instantiated with a large range of information about the specific target and a semi-automated process for the selection of the phishing domain name. We demonstrate our tool by showing how tailored phishing campaigns proposed in previous studies can be enhanced to increase the credibility of the phishing email, effectively addressing the very limitations identified in those studies.

Original language: English
Title of host publication: Information Systems Security - 16th International Conference, ICISS 2020, Proceedings
Editors: Salil Kanhere, Vishwas T Patil, Shamik Sural, Manoj S Gaur
Publisher: Springer
Pages: 137-159
Number of pages: 23
ISBN (Print): 9783030656096
Publication status: Published - 2020
Event: 16th International Conference on Information Systems Security, ICISS 2020 - Jammu, India
Duration: 16 Dec 2020 to 20 Dec 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12553 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 16th International Conference on Information Systems Security, ICISS 2020
Country/Territory: India
City: Jammu
Period: 16/12/20 to 20/12/20
