Cited By
View all- Althobaiti KAlsufyani N(2024)A review of organization-oriented phishing researchPeerJ Computer Science10.7717/peerj-cs.248710(e2487)Online publication date: 27-Nov-2024
“It may take ages”: Understanding Human-Centred Lateral Phishing Attack Detection in Organisations
Pages 344 - 355
Abstract
Lateral phishing attacks can be devastating for users and organisational IT teams as these originate from legitimate, but compromised, email accounts that benefit from the implicit trust between sender and recipients. In this paper, we begin to explore the human-centred space of lateral phishing attacks through interviews with 5 security practitioners and 17 employees from the UK and India. We report how security practitioners predominantly rely on employees to alert them to compromised accounts, and how this can create a delay during which the attack can continue. Our interviews with employees, on the other hand, found that individuals may not be reliable; they struggled to detect slight changes to messages, and over-relied on markers that cannot identify lateral attacks. We discuss the symbiotic relationship between security practitioners and employees for combatting lateral phishing attacks within organisations, and present recommendations for improving resistance to these attacks.
Supplemental Material
DOCX File
The Appendices file include the 10 appendices. It includes tables and images.
- Download
- 656.64 KB
References
[1]
A. J. Burns, M. E. Johnson, and D. D. Caputo, ‘Spear phishing in a barrel: Insights from a targeted phishing campaign’, Journal of Organizational Computing and Electronic Commerce, vol. 29, no. 1, pp. 24–39, Jan. 2019.
[2]
R. Miller and E. Y. A. Charles, A psychological based analysis of marketing email subject lines; A psychological based analysis of marketing email subject lines. 2016.
[3]
L. Allodi, T. Chotza, E. Panina, and N. Zannone, ‘The Need for New Antiphishing Measures against Spear-Phishing Attacks’, IEEE Secur Priv, vol. 18, no. 2, pp. 23–34, Mar. 2020.
[4]
J. Steer, ‘Defending against spear-phishing’, Computer Fraud & Security, vol. 2017, no. 8, pp. 18–20, Aug. 2017.
[5]
M. Pattinson, C. Jerram, K. Parsons, M. Butavicius, A. Mccormac, and D. Calic, ‘Do Users Focus on the Correct Cues to Differentiate Between Phishing and Genuine Emails?’, in Knowledge Management & Information Systems View project Methodology View project Australasian Conference on Information Systems, 2016. [Online]. Available: https://www.researchgate.net/publication/303283612
[6]
A. Cidon, ‘Threat Spotlight: Office 365 Account Takeover — the New “Insider Threat” - Journey Notes’, Barracuda, Aug. 30, 2017. https://blog.barracuda.com/2017/08/30/threat-spotlight-office-365-account-compromise-the-new-insider-threat/ (accessed Dec. 18, 2021).
[7]
G. Ho, ‘Detecting and Characterizing Lateral Phishing at Scale’, in 28th USENIX Security Symposium, 2019. Accessed: Dec. 14, 2021. [Online]. Available: https://www.usenix.org/conference/usenixsecurity19/presentation/ho
[8]
S. le Blond, C. Gilbert, U. Upadhyay, M. Gomez Rodriguez, and D. Choffnes, ‘A Broad View of the Ecosystem of Socially Engineered Exploit Documents’, 2017.
[9]
W. R. Marczak, J. Scott-Railton, M. Marquis-Boire, and V. Paxson, ‘When Governments Hack Opponents: A Look at Actors and Technology’, p. 511, 2014, Accessed: Dec. 18, 2021. [Online]. Available: www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/marczak
[10]
Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, ‘Phishing Attacks: A Recent Comprehensive Study and a New Anatomy’, Front Comput Sci, vol. 3, Mar. 2021.
[11]
S. Das, B. Wang, Z. Tingle, and L. J. Camp, ‘Evaluating User Perception of Multi-Factor Authentication A Systematic Review’, Researchgate, vol. August, 2019, Accessed: Feb. 16, 2023. [Online]. Available: https://www.researchgate.net/publication/335233025_Evaluating_User_Perception_of_Multi-Factor_Authentication_A_Systematic_Review
[12]
M. Butavicius, K. Parsons, M. Pattinson, and A. Mccormac, ‘Australasian Conference on Information Systems Breaching the Human Firewall: Social engineering in Phishing and Spear-Phishing Emails’, in Australasian Conference on Information Systems, May 2016.
[13]
I. Vayansky and S. Kumar, ‘Phishing – challenges and solutions’, Computer Fraud and Security, vol. 2018, no. 1, pp. 15–20, Jan. 2018.
[14]
T. Caldwell, ‘Spear-phishing: How to spot and mitigate the menace’, Computer Fraud and Security, vol. 2013, no. 1, pp. 11–16, Jan. 2013.
[15]
Z. Benenson, F. Gassmann, and R. Landwirth, ‘Unpacking Spear Phishing Susceptibility’, 2017.
[16]
‘Cost of a Data Breach Report 2022 | IBM’. https://www.ibm.com/security/data-breach (accessed Sep. 11, 2022).
[17]
R. Steve, ‘Office 365 Phishing attacks create a sustained insider nightmare for IT | CSO Online’, CSO UK, Sep. 20, 2017. https://www.csoonline.com/article/3225469/office-365-phishing-attacks-create-a-sustained-insider-nightmare-for-it.html (accessed Dec. 18, 2021).
[18]
E. Bursztein, ‘Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild’, ACM, 2014.
[19]
J. Onaolapo, E. Mariconti, and G. Stringhini, ‘What Happens After You Are Pwnd’, in Proceedings of the 2016 Internet Measurement Conference, New York, NY, USA: ACM, Nov. 2016, pp. 65–79.
[20]
G. Stringhini and O. Thonnard, ‘That Ain't You: Blocking Spearphishing Through Behavioral Modelling’, 2015, pp. 78–97.
[21]
A. Bhadane and S. B. Mane, ‘Detecting lateral spear phishing attacks in organisations’, IET Inf Secur, vol. 13, no. 2, pp. 133–140, Mar. 2019.
[22]
N. Saud Al-Musib, F. Mohammad Al-Serhani, M. Humayun, and N. Z. Jhanjhi, ‘Business email compromise (BEC) attacks’, Mater Today Proc, Apr. 2021.
[23]
D. D. Caputo, S. Lawrence Pfl eeger, J. D. Freeman, and M. M. Eric Johnson, ‘Going Spear Phishing: Exploring Embedded Training and Awareness’, IEEE Secur Priv, vol. 12, no. 1, pp. 28–38, 2013.
[24]
T. Stojnic, D. Vatsalan, and N. A. G. Arachchilage, ‘Phishing email strategies: Understanding cybercriminals’ strategies of crafting phishing emails’, 2021.
[25]
L. Yang, S. T. Dumais, P. N. Bennett, and A. H. Awadallah, ‘Characterizing and predicting enterprise email reply behavior’, in SIGIR 2017 - Proceedings of the 40th International ACM SIGIR Conference on Research and Development in Information Retrieval, Association for Computing Machinery, Inc, Aug. 2017, pp. 235–244.
[26]
A. Almomani, B. B. Gupta, S. Atawneh, A. Meulenberg, and E. Almomani, ‘A survey of phishing email filtering techniques’, IEEE Communications Surveys and Tutorials, vol. 15, no. 4, pp. 2070–2090, 2013.
[27]
G. Ho, A. Sharma, M. Javed, V. Paxson, and D. Wagner, ‘Detecting Credential Spearphishing Attacks in Enterprise Settings’, in 26th USENIX Security Symposium, 2017. Accessed: Dec. 18, 2021. [Online]. Available: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/ho
[28]
J. Mao, ‘Phishing page detection via learning classifiers from page layout feature’, EURASIP J Wirel Commun Netw, vol. 2019, no. 1, pp. 1–14, Dec. 2019.
[29]
S. Afroz and R. Greenstadt, ‘PhishZoo: Detecting phishing websites by looking at them’, Proceedings - 5th IEEE International Conference on Semantic Computing, ICSC 2011, pp. 368–375, 2011.
[30]
M. Alsharif, S. Mishra, and M. AlShehri, ‘Impact of Human Vulnerabilities on Cybersecurity’, Computer Systems Science and Engineering, vol. 40, no. 3, pp. 1153–1166, Sep. 2021.
[31]
R. M. Mohammad, F. Thabtah, and L. McCluskey, ‘Predicting phishing websites based on self-structuring neural network’, Neural Comput Appl, vol. 25, no. 2, pp. 443–458, Aug. 2014.
[32]
N. Saxena, E. Hayes, E. Bertino, P. Ojo, K. K. R. Choo, and P. Burnap, ‘Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses’, Electronics 2020, Vol. 9, Page 1460, vol. 9, no. 9, p. 1460, Sep. 2020.
[33]
R. Taib, K. Yu, S. Berkovsky, M. Wiggins, and P. Bayl-Smith, ‘Social Engineering and Organisational Dependencies in Phishing Attacks’, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11746 LNCS, pp. 564–584, 2019.
[34]
D. Jampen, G. Gür, T. Sutter, and B. Tellenbach, ‘Don't click: towards an effective anti-phishing training. A comparative literature review’, Human-centric Computing and Information Sciences, vol. 10, no. 1, pp. 1–41, Dec. 2020.
[35]
R. A. Alsowail and T. Al-Shehari, ‘Techniques and countermeasures for preventing insider threats’, PeerJ Comput Sci, vol. 8, 2022.
[36]
A. Ergen, A. N. Ünal, and M. S. Saygili, ‘Is It Possible to Change the Cyber Security Behaviours of Employees? Barriers and Promoters’, Academic Journal of Interdisciplinary Studies, vol. 10, no. 4, pp. 210–210, Jul. 2021.
[37]
H. Aldawood and G. Skinner, ‘Analysis and Findings of Social Engineering Industry Experts Explorative Interviews: Perspectives on Measures, Tools, and Solutions’, IEEE Access, vol. 8, pp. 67321–67329, 2020.
[38]
I. H. Sarker, M. H. Furhad, and R. Nowrozy, ‘AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions’, SN Comput Sci, vol. 2, no. 3, pp. 1–18, May 2021.
[39]
K. Rantos, A. Spyros, A. Papanikolaou, A. Kritsas, C. Ilioudis, and V. Katos, ‘Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem’, Computers 2020, Vol. 9, Page 18, vol. 9, no. 1, p. 18, Mar. 2020.
[40]
S. ; Kara, S. & Hizal, and A. Zengin, ‘DESIGN AND IMPLEMENTATION OF A DEVS-BASED CYBER-ATTACK SIMULATOR FOR CYBER SECURITY’, Int j simul model, vol. 21, pp. 53–64, 2022.
[41]
B. Alothman, A. Alhajraf, R. Alajmi, R. Al Farraj, N. Alshareef, and M. Khan, ‘Developing a Cyber Incident Exercises Model to Educate Security Teams’, Electronics 2022, Vol. 11, Page 1575, vol. 11, no. 10, p. 1575, May 2022.
[42]
M. Zhao, B. An, and C. Kiekintveld, ‘Optimizing Personalized Email Filtering Thresholds to Mitigate Sequential Spear Phishing Attacks’. [Online]. Available: www.aaai.org
[43]
‘US charges three men with six million dollar business email compromise plot | Tripwire’. https://www.tripwire.com/state-of-security/us-charges-three-men-six-million-dollar-business-email-compromise-plot (accessed Jun. 08, 2023).
[44]
‘Belgian bank Crelan loses €70 million to BEC scammers - Help Net Security’. https://www.helpnetsecurity.com/2016/01/26/belgian-bank-crelan-loses-e70-million-to-bec-scammers/ (accessed Jun. 09, 2023).
[45]
M. J. Haber and D. Rolls, ‘A Nuance on Lateral Movement’, Identity Attack Vectors, pp. 7–10, 2020.
[46]
T. Muralidharan and N. Nissim, ‘Improving malicious email detection through novel designated deep-learning architectures utilizing entire email’, Neural Networks, vol. 157, pp. 257–279, Jan. 2023.
[47]
F. Jáñez-Martino, R. Alaiz-Rodríguez, V. González-Castro, E. Fidalgo, and E. Alegre, ‘A review of spam email detection: analysis of spammer strategies and the dataset shift problem’, Artificial Intelligence Review 2022 56:2, vol. 56, no. 2, pp. 1145–1173, May 2022.
[48]
[48] A. Oest, ‘Sunrise to Sunset: Analyzing the End-to-end Life Cycle and EEectiveness of Phishing Attacks at Scale’.
[49]
K. Althobaiti, A. D. G. Jenkins, and K. Vaniea, ‘A Case Study of Phishing Incident Response in an Educational Organization’, Proc ACM Hum Comput Interact, vol. 5, no. CSCW2, p. 32, Oct. 2021.
[50]
A. C. Tally, J. Abbott, A. Bochner, S. Das, and C. Nippert-Eng, ‘What Mid-Career Professionals Think, Know, and Feel About Phishing: Opportunities for University IT Departments to Better Empower Employees in Their Anti-Phishing Decisions’, Proc ACM Hum Comput Interact, vol. 7, no. CSCW1, p. 27, Apr. 2023.
[51]
Y. Kwak, S. Lee, A. Damiano, and A. Vishwanath, ‘Why do users not report spear phishing emails?’, 2020.
[52]
A. Jenkins, N. Kökciyan, and K. Vaniea, ‘PhishED: Automated contextual feedback for reported Phishing’.
[53]
J.-W. H. Bullée, L. Montoya, W. Pieters, M. Junger, and P. Hartel, ‘On the anatomy of social engineering attacks-A literature-based dissection of successful attacks’, Journal of Investigative Psychology and Offender Profiling, vol. 15, no. 1, pp. 20–45, Jan. 2018.
[54]
A. E. Agazzi, ‘Business Email Compromise (BEC) and Cyberpsychology’, Jul. 2020, [Online]. Available: https://www.researchgate.net/publication/342783234
[55]
‘Inside email impersonation: the danger of display names’, Tessian, 2019. https://www.tessian.com/blog/how-to-impersonate-display-name/ (accessed Jul. 12, 2021).
[56]
J. W. Bullee, L. Montoya, M. Junger, and P. Hartel, ‘Spear phishing in organisations explained’, Information and Computer Security, vol. 25, no. 5, pp. 593–613, 2017.
[57]
‘Country Comparison - Hofstede Insights’. https://www.hofstede-insights.com/country-comparison/the-uk/ (accessed Sep. 13, 2022).
[58]
‘India - Hofstede Insights’. https://www.hofstede-insights.com/country/india/ (accessed Sep. 13, 2022).
[59]
Y. Li, E. H. R. Rho, and A. Kobsa, ‘Cultural differences in the effects of contextual factors and privacy concerns on users’ privacy decision on social networking sites’, https://doi.org/10.1080/0144929X.2020.1831608, vol. 41, no. 3, pp. 655–677, 2020.
[60]
J. M. Alcántara-Pilar, S. Del Barrio-García, L. Porcu, and E. Crespo-Almendros, ‘Language as a cultural vessel in online servicescapes: Its impact on consumers’ perceived risk, attitudes, and behavioural intentions’, Journal of Consumer Behaviour, vol. 16, no. 6, pp. e61–e75, Nov. 2017.
[61]
T. Lin, ‘Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content’, ACM Transactions on Computer-Human Interaction, vol. 26, no. 5, p. 32, 2019.
[62]
P. Lawson, C. J. Pearson, A. Crowson, and C. B. Mayhorn, ‘Email phishing and signal detection: How persuasion principles and personality influence response patterns and accuracy’, Appl Ergon, vol. 86, p. 103084, Jul. 2020.
[63]
‘Recent Phishing Examples | Library & Technology Services’. https://lts.lehigh.edu/phishing/examples (accessed Sep. 11, 2022).
[64]
‘Phishing Examples Archive | Information Security Office’. https://security.berkeley.edu/education-awareness/phishing/phishing-examples-archive (accessed Sep. 11, 2022).
[65]
‘Annual State of Phishing Report - Cofense’, 2021, Accessed: Feb. 16, 2023. [Online]. Available: https://cofense.com/annualreport/
[66]
M. E. Fonteyn, B. Kuipers, and S. J. Grobe, ‘A Description of Think Aloud Method and Protocol Analysis’, Qual Health Res, vol. 3, no. 4, pp. 430–441, 1993.
[67]
V. Braun and V. Clarke, ‘Thematic analysis.’, in APA handbook of research methods in psychology, Vol 2: Research designs: Quantitative, qualitative, neuropsychological, and biological., Washington: American Psychological Association, 2012.
[68]
D. Byrne, ‘A worked example of Braun and Clarke's approach to reflexive thematic analysis’, Qual Quant, 2021.
[69]
G. Guest, E. Namey, and M. Chen, ‘A simple method to assess and report thematic saturation in qualitative research’, PLoS One, vol. 15, no. 5, May 2020.
[70]
M. Paulo, V. Miguéis, and I. Pereira, ‘Leveraging email marketing: Using the subject line to anticipate the open rate’, Expert Syst Appl, p. 117974, Nov. 2022.
[71]
N. S. Sahni, S. C. Wheeler, and P. Chintagunta, ‘Personalization in Email Marketing: The Role of Noninformative Advertising Content’, https://doi.org/10.1287/mksc.2017.1066, vol. 37, no. 2, pp. 236–258, Feb. 2018.
[72]
G. Ríos-Toledo, J. P. F. Posadas-Durán, G. Sidorov, and N. A. Castro-Sánchez, ‘Detection of changes in literary writing style using N-grams as style markers and supervised machine learning’, PLoS One, vol. 17, no. 7, p. e0267590, Jul. 2022.
[73]
L. M. Stuart, S. Tazhibayeva, A. R. Wagoner, and J. M. Taylor, ‘On identifying authors with style’, Proceedings - 2013 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2013, pp. 3048–3053, 2013.
[74]
Y. Zhang, ‘Your Style Your Identity: Leveraging Writing and Photography Styles for Drug Trafficker Identification in Darknet Markets over Attributed Heterogeneous Information Network’.
[75]
A. Vorobeva, G. Khisaeva, D. Zakoldaev, and I. Kotenko, ‘Detection of Business Email Compromise Attacks with Writing Style Analysis’, Communications in Computer and Information Science, vol. 1544 CCIS, pp. 248–262, 2022.
[76]
J. Müller, ‘“Johnny, you are fired!”-Spoofing OpenPGP and S/MIME Signatures in Emails’, Accessed: Feb. 16, 2023. [Online]. Available: https://www.usenix.org/conference/usenixsecurity19/presentation/muller
[77]
‘Email signature 101: What to include, benefits, examples, & more ’. https://www.cognism.com/email-signature (accessed Aug. 30, 2022).
[78]
P. K. Jain, R. Pamula, and E. A. Yekun, ‘A multi-label ensemble predicting model to service recommendation from social media contents’, J Supercomput, vol. 78, no. 4, pp. 5203–5220, Mar. 2021.
[79]
M. Mbodila, N. Marongwe, and F. Kwahene, ‘The Use Of Social Media As A Knowledge Sharing Platform During Covid-19 Among Students In A Rural University: A Comparison Of Email And Whatsapp’, ICERI2020 Proceedings, vol. 1, pp. 1001–1010, Nov. 2020.
[80]
G. Nasser, B. W. Morrison, P. Bayl-Smith, R. Taib, M. Gayed, and M. W. Wiggins, ‘The Role of Cue Utilization and Cognitive Load in the Recognition of Phishing Emails’, Front Big Data, vol. 3, Sep. 2020.
[81]
A. AlAdwani and A. AlFadley, ‘Online Learning via Microsoft TEAMS During the Covid-19 Pandemic as Perceived by Kuwaiti EFL Learners’, Journal of Education and Learning, vol. 11, no. 1, p. 132, Jan. 2022.
[82]
‘CCS Insight Connect - View’. https://my.ccsinsight.com/reportaction/5491/Marketing (accessed Sep. 14, 2022).
[83]
C. Colwill, ‘Human factors in information security: The insider threat – Who can you trust these days?’, Information Security Technical Report, vol. 14, no. 4, pp. 186–196, Nov. 2009.
[84]
T. Halevi, N. Memon, and O. Nov, ‘Spear-Phishing in the Wild: A Real-World Study of Personality, Phishing Self-Efficacy and Vulnerability to Spear-Phishing Attacks’, SSRN Electronic Journal, Jan. 2015.
[85]
K. Althobaiti, N. Meng, and K. Vaniea, ‘I don't need an expert! making url phishing features human comprehensible’, Conference on Human Factors in Computing Systems - Proceedings, May 2021.
[86]
M. Dixon, J. Nicholson, D. Branley-Bell, P. Briggs, and L. Coventry, ‘Holding Your Hand on the Danger Button’, Proc ACM Hum Comput Interact, vol. 6, no. MHCI, Sep. 2022.
[87]
‘Step 5 - Avoiding phishing attacks - NCSC.GOV.UK’. https://www.ncsc.gov.uk/collection/small-business-guide/avoiding-phishing-attacks (accessed Feb. 16, 2023).
[88]
M. Bada, A. M. Sasse, and J. R. C. Nurse, ‘Cyber Security Awareness Campaigns: Why do they fail to change behaviour?’, International Conference on Cyber Security for Sustainable Society, 2015, Accessed: Feb. 16, 2023. [Online]. Available: https://arxiv.org/ftp/arxiv/papers/1901/1901.02672.pdf
[89]
P. Kumaraguru, S. Sheng, A. Acquisti, L. F. Cranor, and J. Hong, ‘Lessons from a real world evaluation of anti-phishing training’, eCrime Researchers Summit, eCrime 2008, 2008.
[90]
M. P. Steves, K. K. Greene, and M. F. Theofanos, ‘A Phish Scale: Rating Human Phishing Message Detection Difficulty’.
[91]
C. Iuga, J. R. C. Nurse, and A. Erola, ‘Baiting the hook: factors impacting susceptibility to phishing attacks’, Human-centric Computing and Information Sciences, vol. 6, no. 1, pp. 1–20, Dec. 2016.
[92]
D. J. Simons and C. F. Chabris, ‘Gorillas in Our Midst: Sustained Inattentional Blindness for Dynamic Events’, http://dx.doi.org/10.1068/p281059, vol. 28, no. 9, pp. 1059–1074, Sep. 1999.
[93]
A. Poller, L. Kocksch, S. Türpe, F. A. Epp, and K. Kinder-Kurlanda, ‘Can security become a routine? A study of Organizational change in an agile software development group’, Proceedings of the ACM Conference on Computer Supported Cooperative Work, CSCW, pp. 2489–2503, Feb. 2017.
[94]
M. E. Armstrong, K. S. Jones, and A. S. Namin, ‘How Perceptions of Caller Honesty Vary During Vishing Attacks That Include Highly Sensitive or Seemingly Innocuous Requests’, Human Factors: The Journal of the Human Factors and Ergonomics Society, vol. 00, no. 0, pp. 1–13, 2021. 1177/ 0018 7208 2110 12818.
[95]
K. L. Chiew, K. S. C. Yong, and C. L. Tan, ‘A survey of phishing attacks: Their types, vectors and technical approaches’, Expert Syst Appl, vol. 106, pp. 1–20, Sep. 2018.
[96]
O'Donnell Lindsey, ‘Microsoft Teams Phishing Attack Targets Office 365 Users | Threatpost’, Threatpost, Oct. 22, 2020. https://threatpost.com/microsoft-teams-phishing-office-365/160458/ (accessed Dec. 03, 2021).
[97]
D. M. Sarno and M. B. Neider, ‘So Many Phish, So Little Time: Exploring Email Task Factors and Phishing Susceptibility’, https://doi.org/10.1177/0018720821999174, vol. 64, no. 8, pp. 1379–1403, Apr. 2021.
Index Terms
- “It may take ages”: Understanding Human-Centred Lateral Phishing Attack Detection in Organisations
Index terms have been assigned to the content through auto-classification.
Recommendations
Detecting lateral spear phishing attacks in organisations
Lateral spear phishing attack is a powerful type of social engineering attack carried out using compromised email account(s) within the target organisation. Spear phishing attacks are difficult to detect due to the nature of these attacks. The inclusion ...
A Design of an Anti-Phishing Training System Collaborated with Multiple Organizations
iiWAS2019: Proceedings of the 21st International Conference on Information Integration and Web-based Applications & ServicesPhishing is a dangerous threat to organizations. A sender of a phishing email pretends to be a trusted person to steal valuable information, including personal identity data and credentials. If a targeted organization is sent a large number of attack ...
Countermeasure Techniques for Deceptive Phishing Attack
NISS '09: Proceedings of the 2009 International Conference on New Trends in Information and Service SciencePhishing is a form of online identity theft. Phishers use social engineering to steal victims' personal identity data and financial account credentials. Social engineering schemes use spoofed e-mails to lure unsuspecting victims into counterfeit ...
Comments
Information & Contributors
Information
Published In
October 2023
364 pages
ISBN:9798400708145
DOI:10.1145/3617072
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 16 October 2023
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
EuroUSEC 2023
EuroUSEC 2023: The 2023 European Symposium on Usable Security
October 16 - 17, 2023
Copenhagen, Denmark
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 126Total Downloads
- Downloads (Last 12 months)87
- Downloads (Last 6 weeks)12
Reflects downloads up to 09 Jan 2025
Other Metrics
Citations
Cited By
View all- Althobaiti KAlsufyani N(2024)A review of organization-oriented phishing researchPeerJ Computer Science10.7717/peerj-cs.248710(e2487)Online publication date: 27-Nov-2024
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format