Evaluating user vulnerabilities vs phisher skills in spear phishing

IF 0.2 Q4 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS IADIS-International Journal on Computer Science and Information Systems Pub Date : 2018-12-17 DOI:10.33965/ijcsis_2018130207
Mathew Nicho, H. Fakhry, Uche Egbue
{"title":"Evaluating user vulnerabilities vs phisher skills in spear phishing","authors":"Mathew Nicho, H. Fakhry, Uche Egbue","doi":"10.33965/ijcsis_2018130207","DOIUrl":null,"url":null,"abstract":"Spear phishing emails pose great danger to employees of organizations due to the inherent weakness of the employees in identifying the threat from spear phishing cues, as well as the spear phisher’s skill in crafting contextually convincing emails. This raises the main question of which construct (user vulnerabilities or phisher skills) has a greater influence on the vulnerable user. Researchers have provided enough evidence of user vulnerabilities, namely the desire for monetary gain, curiosity of the computer user, carelessness on the part of the user, the trust placed in the purported sender by the user, and a lack of awareness on the part of the computer user. However, there is a lack of research on the magnitude of each of these factors in influencing an unsuspecting user to fall for a phishing or spear phishing attack which we explored in this paper. While user vulnerabilities pose major risk, the effect of the spear phisher’s ability in skillfully crafting convincing emails (using fear appeals, urgency of action, and email contextualization) to trap even skillful IT security personnel is an area that needs to be explored. Therefore, we explored the relationships between the two major constructs namely ‘user vulnerabilities’ and ‘email contextualization’, through the theory of planned behavior with the objective to find out the major factors that lead to computer users biting the phishers’ bait. In this theoretical version of the paper, we provided the resulting two constructs that needed to be tested.","PeriodicalId":41878,"journal":{"name":"IADIS-International Journal on Computer Science and Information Systems","volume":"12 2 1","pages":""},"PeriodicalIF":0.2000,"publicationDate":"2018-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IADIS-International Journal on Computer Science and Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.33965/ijcsis_2018130207","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 5

Abstract

Spear phishing emails pose great danger to employees of organizations due to the inherent weakness of the employees in identifying the threat from spear phishing cues, as well as the spear phisher’s skill in crafting contextually convincing emails. This raises the main question of which construct (user vulnerabilities or phisher skills) has a greater influence on the vulnerable user. Researchers have provided enough evidence of user vulnerabilities, namely the desire for monetary gain, curiosity of the computer user, carelessness on the part of the user, the trust placed in the purported sender by the user, and a lack of awareness on the part of the computer user. However, there is a lack of research on the magnitude of each of these factors in influencing an unsuspecting user to fall for a phishing or spear phishing attack which we explored in this paper. While user vulnerabilities pose major risk, the effect of the spear phisher’s ability in skillfully crafting convincing emails (using fear appeals, urgency of action, and email contextualization) to trap even skillful IT security personnel is an area that needs to be explored. Therefore, we explored the relationships between the two major constructs namely ‘user vulnerabilities’ and ‘email contextualization’, through the theory of planned behavior with the objective to find out the major factors that lead to computer users biting the phishers’ bait. In this theoretical version of the paper, we provided the resulting two constructs that needed to be tested.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
评估用户漏洞与鱼叉式网络钓鱼中的钓鱼者技能
鱼叉式网络钓鱼邮件给组织的员工带来了巨大的危险,因为员工在识别鱼叉式网络钓鱼线索的威胁方面存在固有的弱点,以及鱼叉式网络钓鱼者在制作上下文令人信服的电子邮件方面的技能。这就提出了一个主要问题,即哪种构造(用户漏洞还是网络钓鱼者技能)对易受攻击的用户有更大的影响。研究人员已经提供了足够的证据证明用户的脆弱性,即对金钱利益的渴望,计算机用户的好奇心,用户的粗心大意,用户对所谓的发件人的信任,以及计算机用户缺乏意识。然而,我们在本文中探讨的影响毫无戒心的用户遭受网络钓鱼或鱼叉式网络钓鱼攻击的每个因素的大小,缺乏研究。虽然用户漏洞构成了主要风险,但鱼叉式网络钓鱼者熟练地制作令人信服的电子邮件(使用恐惧呼吁、行动紧迫性和电子邮件上下文化)来诱骗甚至熟练的IT安全人员的能力的影响是一个需要探索的领域。因此,我们通过计划行为理论,探索“用户漏洞”和“邮件语境化”这两个主要构式之间的关系,目的是找出导致计算机用户上钩的主要因素。在本文的理论版本中,我们提供了需要测试的两个构造。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
IADIS-International Journal on Computer Science and Information Systems
IADIS-International Journal on Computer Science and Information Systems COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS-
自引率
0.00%
发文量
0
期刊最新文献
ESTIMATION OF VARIOUS HUMAN EMOTIONS USING LIGHTWEIGHT FNIRS DEVICE CONSISTENT GAMING SKILL DEMOGRAPHICS IN ACADEMIC RESEARCH STATE OF GENDER EQUALITY IN AND BY ARTIFICIAL INTELLIGENCE A HYBRID DILATION APPROACH FOR REMOTE SENSING SCENE IMAGE CLASSIFICATION CLINICAL PATHWAYS AND THE NEED FOR SYSTEM INTEGRATION
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1