Testing the effectiveness of tailored phishing techniques in industry and academia: a field experiment

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review

22 Citations (Scopus)

Abstract

Organizations are experiencing more and more sophisticated attacks specifically targeting their employees and customers. These attacks exploit tailored information on the victim or organization to increase their credibility. To date, no study has evaluated the role of 'traditional' phishing cognitive effects in these advanced settings. In this paper, we run a field experiment targeting 747 subjects employed in two organizations (a university and a large international consultancy company) to evaluate the interaction between phishing persuasion techniques and the success rate in a highly-tailored setting. For this purpose, we exploit well-established user notification methods to devise enhanced attack delivery techniques, and evaluate how such techniques affect the success rate of our phishing campaigns. We find that the effect of 'traditional' attack techniques is widely mitigated in highly-tailored phishing settings, suggesting that current user training and detection techniques may be off-target for more sophisticated attacks. However, we find that the means by which the attack is delivered to the victim matter, and can greatly (up to three times) boost the effect of the base attack.
Original language: English
Title of host publication: ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security
Publisher: Association for Computing Machinery, Inc
ISBN (Electronic): 9781450388337
Publication status: Published - 25 Aug 2020

Publication series

Name: ACM International Conference Proceeding Series

Funding

Acknowledgments. This work is supported by the ITEA3 programme through the DEFRAUDIfy project funded by Rijksdienst voor Ondernemend Nederland (grant no. ITEA191010).

Keywords

  • Field experiment
  • Persuasion techniques
  • Tailored phishing
