A Toolkit for Security Awareness Training Against Targeted Phishing

Simone Pirocca, Luca Allodi, Nicola Zannone

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer review

Abstract

The attack landscape is evolving, and attackers are employing new techniques to launch increasingly targeted and sophisticated social engineering attacks that exploit human vulnerabilities. Many organizations provide their employees with security awareness training to counter and mitigate such threats. However, recent studies have shown that current embedded phishing training programs and tools are often ineffective or incapable of addressing modern, tailored social engineering attacks. This paper presents a toolkit for the deployment of sophisticated, tailored phishing campaigns at scale (e.g., to deploy specific training within an organization). We enable the use of highly customizable phishing email templates that can be instantiated with a large range of information about the specific target and a semi-automated process for the selection of the phishing domain name. We demonstrate our tool by showing how tailored phishing campaigns proposed in previous studies can be enhanced to increase the credibility of the phishing email, effectively addressing the very limitations identified in those studies.

Original language: English
Title: Information Systems Security - 16th International Conference, ICISS 2020, Proceedings
Editors: Salil Kanhere, Vishwas T Patil, Shamik Sural, Manoj S Gaur
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 137-159
Number of pages: 23
ISBN (print): 9783030656096
Status: Published - 2020
Event: 16th International Conference on Information Systems Security, ICISS 2020 - Jammu, India
Duration: 16 Dec 2020 to 20 Dec 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12553 LNCS
ISSN (print): 0302-9743
ISSN (electronic): 1611-3349

Conference

Conference: 16th International Conference on Information Systems Security, ICISS 2020
Country: India
City: Jammu
Period: 16/12/20 to 20/12/20
