Cognitive triaging of phishing attacks

Amber van der Heijden, Luca Allodi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic

37 Citations (Scopus)
119 Downloads (Pure)


In this paper we employ quantitative measurements of cognitive vulnerability triggers in phishing emails to predict the degree of success of an attack. To achieve this we rely on the cognitive psychology literature and develop an automated and fully quantitative method based on machine learning and econometrics to construct a triaging mechanism built around the cognitive features of a phishing email; we showcase our approach relying on data from the anti-phishing division of a large financial organization in Europe. Our evaluation shows empirically that an effective triaging mechanism for phishing success can be put in place by response teams to effectively prioritize remediation efforts (e.g. domain takedowns), by first acting on those attacks that are more likely to collect high response rates from potential victims.
Original language: English
Title of host publication: Proceedings of the 28th USENIX Security Symposium
Publisher: Usenix Association
Number of pages: 18
ISBN (Electronic): 9781939133069
Publication status: Published - 6 May 2019
Event: 28th Usenix Security Symposium 2019 - Santa Clara, United States
Duration: 14 Aug 2019 to 16 Aug 2019


Conference: 28th Usenix Security Symposium 2019
Country/Territory: United States
City: Santa Clara

  • phishing

