{"title":"通过分析受害者的个人资料设计电子邮件攻击。另一种反网络钓鱼培训方法","authors":"D. Lappas, P. Karampelas","doi":"10.34190/eccws.22.1.1178","DOIUrl":null,"url":null,"abstract":"According to Thomson-Reuters the top cyber threat today is phishing in which people are tricked either to click a malicious link or give out personal information. It’s a fact that 96% of these phishing attacks comes from emails, which amount to more than 3.4 billion daily, as reported by Cisco. Austrian aerospace company FACC, Belgian bank Crelan, Acorn financial services and many other companies were recently fell victims of phishing emails losing millions of dollars. Even if experts provide lists of signs that users should seek in an email in order to understand if it is legitimate or scam, the attackers have elevated the quality of the email messages making them believable and very hard to discern them. In order to respond to this elevated threat, unconventional user training is required, focusing on recognizing a phishing email. Knowing how an attacker thinks and prepares the attack vector against a target, we claim that it will make users more suspicious when they receive one. In this regard, an innovative education intervention (consisted of two phases) was designed and developed. In the first phase, 98 participants were asked to visit an artificial social media profile and prepare a phishing email in order to persuade the victim to click a link. Then, the participants were presented with an innovative guided workflow to prepare a spear phishing email which was based on social media intelligence. In the second phase, they were asked to prepare one more email for the same person applying this time the guided workflow. Comparing the two different emails created, we found that the guided workflow led to the creation of more authentic emails which could potentially trick the victim easier. Based on the theory of active learning, we believe that by teaching users how attackers exploit their personal information in order to develop their attack vectors, it will increase their awareness not only for the typical phishing emails but also for more sophisticated spear phishing attacks.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"167 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Designing an Email Attack by Analysing the Victim’s Profile. An Alternative Anti-Phishing Training Method\",\"authors\":\"D. Lappas, P. Karampelas\",\"doi\":\"10.34190/eccws.22.1.1178\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"According to Thomson-Reuters the top cyber threat today is phishing in which people are tricked either to click a malicious link or give out personal information. It’s a fact that 96% of these phishing attacks comes from emails, which amount to more than 3.4 billion daily, as reported by Cisco. Austrian aerospace company FACC, Belgian bank Crelan, Acorn financial services and many other companies were recently fell victims of phishing emails losing millions of dollars. Even if experts provide lists of signs that users should seek in an email in order to understand if it is legitimate or scam, the attackers have elevated the quality of the email messages making them believable and very hard to discern them. In order to respond to this elevated threat, unconventional user training is required, focusing on recognizing a phishing email. Knowing how an attacker thinks and prepares the attack vector against a target, we claim that it will make users more suspicious when they receive one. In this regard, an innovative education intervention (consisted of two phases) was designed and developed. In the first phase, 98 participants were asked to visit an artificial social media profile and prepare a phishing email in order to persuade the victim to click a link. Then, the participants were presented with an innovative guided workflow to prepare a spear phishing email which was based on social media intelligence. In the second phase, they were asked to prepare one more email for the same person applying this time the guided workflow. Comparing the two different emails created, we found that the guided workflow led to the creation of more authentic emails which could potentially trick the victim easier. Based on the theory of active learning, we believe that by teaching users how attackers exploit their personal information in order to develop their attack vectors, it will increase their awareness not only for the typical phishing emails but also for more sophisticated spear phishing attacks.\",\"PeriodicalId\":258360,\"journal\":{\"name\":\"European Conference on Cyber Warfare and Security\",\"volume\":\"167 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-06-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"European Conference on Cyber Warfare and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.34190/eccws.22.1.1178\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Conference on Cyber Warfare and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34190/eccws.22.1.1178","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Designing an Email Attack by Analysing the Victim’s Profile. An Alternative Anti-Phishing Training Method
According to Thomson-Reuters the top cyber threat today is phishing in which people are tricked either to click a malicious link or give out personal information. It’s a fact that 96% of these phishing attacks comes from emails, which amount to more than 3.4 billion daily, as reported by Cisco. Austrian aerospace company FACC, Belgian bank Crelan, Acorn financial services and many other companies were recently fell victims of phishing emails losing millions of dollars. Even if experts provide lists of signs that users should seek in an email in order to understand if it is legitimate or scam, the attackers have elevated the quality of the email messages making them believable and very hard to discern them. In order to respond to this elevated threat, unconventional user training is required, focusing on recognizing a phishing email. Knowing how an attacker thinks and prepares the attack vector against a target, we claim that it will make users more suspicious when they receive one. In this regard, an innovative education intervention (consisted of two phases) was designed and developed. In the first phase, 98 participants were asked to visit an artificial social media profile and prepare a phishing email in order to persuade the victim to click a link. Then, the participants were presented with an innovative guided workflow to prepare a spear phishing email which was based on social media intelligence. In the second phase, they were asked to prepare one more email for the same person applying this time the guided workflow. Comparing the two different emails created, we found that the guided workflow led to the creation of more authentic emails which could potentially trick the victim easier. Based on the theory of active learning, we believe that by teaching users how attackers exploit their personal information in order to develop their attack vectors, it will increase their awareness not only for the typical phishing emails but also for more sophisticated spear phishing attacks.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
