Testing the effectiveness of tailored phishing techniques in industry and academia: a field experiment

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer review

3 Citations (Scopus)

Abstract

Organizations are experiencing more and more sophisticated attacks specifically targeting their employees and customers. These attacks exploit tailored information on the victim or organization to increase their credibility. To date, no study has evaluated the role of 'traditional' phishing cognitive effects in these advanced settings. In this paper, we run a field experiment targeting 747 subjects employed in two organizations (a university and a large international consultancy company) to evaluate the interaction between phishing persuasion techniques and the success rate in a highly-tailored setting. For this purpose, we exploit well-established user notification methods to devise enhanced attack delivery techniques, and evaluate how such techniques affect the success rate of our phishing campaigns. We find that the effect of 'traditional' attack techniques is widely mitigated in highly-tailored phishing settings, suggesting that current user training and detection techniques may be off-target for more sophisticated attacks. However, we find that the means by which the attack is delivered to the victim matter, and can greatly (up to three times) boost the effect of the base attack.
Original language: English
Title: ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security
Publisher: Association for Computing Machinery, Inc
ISBN (electronic): 9781450388337
Status: Published - 25 Aug 2020

Publication series

Name: ACM International Conference Proceeding Series