Designing Antiphishing Education

Author(s):  
James W. Ragucci ◽  
Stefan A. Robila

Fraudulent e-mails, known as phishing attacks, have brought chaos across the digital world, causing billions of dollars of damage. These attacks are known for their ability to exploit the human aspect of a computer system by pretending to originate from a source trusted by the victim. While technological defenses have been set up for protection, people are still succumbing to these attacks at alarming rates. Therefore, educational techniques must be implemented to strengthen the human factor of security. We propose the use of a phishing IQ test that, when used in a classroom setting, can help users build the experience needed to identify phishing e-mails during their daily routine.

Author(s):  
Ramesh Palanisamy ◽  
Mohammed Tariq Shaikh ◽  
Senthil Jayapal ◽  
Darla Thomas

Nowadays phishing can be considered one of the simplest and oldest ways to steal important data from users on the internet. By collecting only a small quantity of data about the victim, the attacker is able to produce a personalized and plausible e-mail. However, new ways and new technologies are constantly being sought and invented to deal with phishing. In this paper, I will present the types, causes, prevention measures and dynamic features of the growing phishing attacks.


Author(s):  
Zlatogor Borisov Minchev

The chapter describes the problem of building cyber threat resilience for the human factor as technological growth constantly changes the security landscape of the new digital world. A methodological framework for meeting the problem by using the “scenario method” and experts' support is outlined. An implementation of comprehensive morphological and system analyses of cyber threats is performed, followed by agent-based mixed reality validation incorporating biometrics monitoring. The obtained results demonstrate a correlation between experts' beliefs for cyber threat identification and the human factor's biometric response while using social networks and inhabiting smart living environments. The achieved results prove the “use with care” necessity for new technologies, concerning the cyber threat landscape, for assuring a sustainable resilience balance from the human factor perspective.


Cyber Crime ◽  
2013 ◽  
pp. 245-262
Author(s):  
Madhusudhanan Chandrasekaran ◽  
Shambhu Upadhyaya

Phishing scams pose a serious threat to end-users and commercial institutions alike. E-mail continues to be the favorite vehicle to perpetrate such scams, mainly due to its widespread use combined with the ease of spoofing messages. Several approaches, both generic and specialized, have been proposed to address this growing problem. However, phishing techniques, growing in ingenuity as well as sophistication, render these solutions weak. To overcome these limitations, we propose a multistage framework: the first stage aims at detecting phishing e-mails based on their semantic and structural properties, whereas in the second stage we propose a proactive challenge-response technique to establish the authenticity of a Web site. Using live e-mail data, we demonstrate that our approach with these two stages is able to detect a wider range of phishing attacks than existing schemes. Also, our performance analysis study shows that the implementation overhead introduced by our tool is negligibly small.


2021 ◽  
Vol 1 (13) ◽  
pp. 6-15
Author(s):  
Yuriy Yakymenko ◽  
Dmytro Rabchun ◽  
Mykhailo Zaporozhchenko

As the number and percentage of phishing attacks on company employees and regular users have tended to increase rapidly over the last two years, it is necessary to cover the issue of protection against this type of social engineering attack. Throughout the pandemic, intruders have been finding more and more new ways to cheat, so even experienced Internet users can become victims of their scams. Because e-mail is used in almost all companies, most phishing attacks use e-mail to send malicious messages. The article discusses the main methods used by attackers to conduct phishing attacks using e-mail, signs that the user has become a victim of social engineers, and provides recommendations on how to increase the resilience of the corporate environment to such attacks using organizational methods. Because the user is the target of phishing attacks, and the tools built into browsers and e-mail clients in most cases do not provide reliable protection against phishing, it is the user who poses the greatest danger to the company: having become a victim of a phishing attack, the user can cause significant damage to the company due to a lack of competence and experience. That is why it is necessary to conduct training and periodic testing of personnel to provide resistance to targeted phishing attacks. Company employees should be familiar with the signs of phishing, examples of such attacks, the principles of working with corporate data and their responsibility. The company's management must create and communicate to the staff regulations and instructions that describe the storage, processing, dissemination and transfer of information to third parties. Employees should also report suspicious e-mails, messages, calls, or people who have tried to find out valuable information to the company's security service. Raising general awareness through hands-on training will reduce the number of information security incidents caused by phishing attacks.


Author(s):  
Brian Whitworth

Computer systems have long been seen as more than just mechanical systems (Boulding, 1956). They seem to be systems in a general sense (Churchman, 1979), with system elements, like a boundary, common to other systems (Whitworth & Zaic, 2003). A computer system of chips and circuits is also a software system of information exchanges. Today, the system is also the human-computer combination (Alter, 1999); for example, a plane is mechanical, its computer controls are informational, but the plane plus pilot is also a system: a human-computer system. Human-computer interaction (HCI) sees computers as more than just technology (hardware and software). Computing has reinvented itself each decade or so, from hardware in the 1950s and 1960s, to commercial information processors in the 1970s, to personal computers in the 1980s, to computers as communication tools in the 1990s. At each stage, system performance increased. This decade seems to be that of social computing, in which software serves not just people but society, and systems like e-mail, chat rooms, and bulletin boards have a social level. Human-factors research has expanded from computer usability (individual), to computer-mediated communication (largely dyads), to virtual communities (social groups). The infrastructure is technology, but the overall system is personal and social, with all that implies. Do social systems mediated by technology differ from those mediated by the natural world? The means of interaction, a computer network, is virtual, but the people involved are real. One can be as upset by an e-mail as by a letter. Online and physical communities have a different architectural base, but the social level is still people communicating with people. This suggests computer-mediated communities operate by the same principles as physical communities; that is, virtual society is still a society, and friendships cross seamlessly from face-to-face to e-mail interaction. 
Table 1 suggests four computer system levels, matching the idea of an information system as hardware, software, people, and business processes (Alter, 2001). Social-technical systems arise when cognitive and social interaction is mediated by information technology rather than the natural world.


2016 ◽  
Vol 40 (2) ◽  
pp. 265-281 ◽  
Author(s):  
Brynne Harrison ◽  
Elena Svetieva ◽  
Arun Vishwanath

Purpose – The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users’ knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails.
Design/methodology/approach – A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message, and measures of user traits and user processing were obtained after the phishing attack.
Findings – Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat- or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack.
Research limitations/implications – The findings are generalizable to students, who are a particularly vulnerable target of phishing attacks.
Practical implications – The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly, the authors suggest more effective educational efforts to protect individuals from such online fraud.
Originality/value – This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception, as well as the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.


Author(s):  
Mª Dolores del Castillo

E-mail is now an indispensable communication tool and its use is continually growing. This growth brings with it an increase in the number of electronic threats, which can be classified into five categories according to their inner behavior: viruses, trojans, pharming, spam, and phishing. Viruses, trojans and pharming represent an attack on the user’s computer, while the focus of attack of spam and phishing is mainly the user; that is, these last two threats involve a kind of intellectual attack. A virus is a small program that replicates itself and inserts copies into other executable code or documents, using e-mails as a means of transport. Trojans cannot replicate themselves and are used to open a network port, giving other users a means of controlling the infected computer. Other, more dangerous trojans are called spy programs (spyware); they wait until users visit certain websites and then capture all the keys typed and mouse movements and take screenshots to obtain information. Pharming is a technique used to redirect users to illegitimate websites. These three threats, in spite of being present in e-mails, can be handled by an antivirus program. The next two threats need e-mail filters to be handled, and this chapter focuses on them: spam and phishing. Spam consists of the massive sending of unsolicited commercial e-mail to a large number of recipients. Unlike legitimate commercial e-mail, spam is sent without the explicit permission of the recipients. Spammers obtain e-mail addresses in different ways, such as guessing common names at known domains or searching for addresses in web pages. A report from the Commission of the European Communities (“Communication from”, 2004) shows that more than 25 percent of all e-mail currently received is spam. More recent reliable data shows that spam represents 60-80 percent of e-mail volume. Spam is widely recognized as one of the most significant problems facing the Internet today.
Spam has evolved into a new and dangerous form known as ‘phishing’. Phishing differs from spam in that it is generated by a criminal intent on stealing personal data for financial gain (“Spyware”, 2007). Phishing is the term used to describe e-mails which trick recipients into revealing their personal or their company’s confidential information, such as social security and financial account numbers, account passwords and other identity or security information. According to the Anti-Phishing Working Group (“June Phishing”, 2006), the number of phishing reports increased from 20,109 in May 2006 to 28,571 in June 2006, the most ever recorded. Phishing attacks increase despite the efforts of e-mail filters. Although only 0.001 percent of e-mail sent is responded to, this percentage is enough to return the investment and keep the phishing industry alive. Further research has estimated that the costs of these phishing attacks on consumers in 2003 ranged from $500 million to an amazing $2.4 billion.


2010 ◽  
Vol 61 (3) ◽  
pp. 183-188
Author(s):  
Juraj Michalák ◽  
Ladislav Hudec

Transparent Proxy for Secure E-Mail

The paper deals with the security of e-mail messages and e-mail server implementation by means of a transparent SMTP proxy. The security features include encryption and signing of transported messages. The goal is to design and implement a software proxy for secure e-mail, including its monitoring, administration, and encryption and signing key administration. In particular, we focus on automatic on-the-fly public-key encryption and signing of e-mail messages according to the S/MIME standard by means of an embedded computer system whose function can be briefly described as a brouter with a transparent SMTP proxy.
