Sökning: id:"swepub:oai:DiVA.org:his-10136" >
An empirical invest...
An empirical investigation of the effect of target-related information in phishing attacks
-
- Rocha Flores, Waldo (författare)
- KTH,Industriella informations- och styrsystem,Industrial Information and Control Systems, Royal Institute of Technology, Stockholm, Sweden
-
- Holm, Hannes (författare)
- Swedish Defense Research Agency (FOI), Linköping, Sweden
-
- Nohlberg, Marcus, 1976- (författare)
- Högskolan i Skövde,Institutionen för informationsteknologi,Forskningscentrum för Informationsteknologi,Information Systems
-
visa fler...
-
- Ekstedt, Mathias (författare)
- KTH,Industriella informations- och styrsystem,Industrial Information and Control Systems, Royal Institute of Technology, Stockholm, Sweden
-
visa färre...
-
(creator_code:org_t)
- IEEE Computer Society, 2014
- 2014
- Engelska.
-
Ingår i: IEEE 18th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations EDOCW 2014: 1-2 September 2014 Ulm, Germany. - : IEEE Computer Society. - 9781479954704 - 9781479954674 ; , s. 357-363
- Relaterad länk:
-
https://urn.kb.se/re...
-
visa fler...
-
https://doi.org/10.1...
-
https://urn.kb.se/re...
-
visa färre...
Abstract
Ämnesord
Stäng
- Analyzing the role of target-related information in a security attack is an understudied topic in the behavioral information security research field. This paper presents an empirical investigation of the effect of adding information about the target in phishing attacks. Data was collected by conducting two phishing experiments using a sample of 158 employees at five Swedish organizations. The first experiment included a traditional mass-email attack with no target-related information, and the second experiment was a targeted phishing attack in which we included specific information related to the targeted employees' organization. The results showed that the number of organizational employees falling victim to phishing significantly increased when target-related information was added in the attack. During the first experiment 5.1 % clicked on the malicious link compared to 27.2 % of the second phishing attack, and 8.9 % of those executed the binary compared to 3.2 % of the traditional phishing attack. Adding target-related information is an effective way for attackers to significantly increase the effectiveness of their phishing attacks. This is the first study that has showed this significant effect using organizational employees as a sample. The implications of the results are further discussed.
Ämnesord
- TEKNIK OCH TEKNOLOGIER -- Elektroteknik och elektronik -- Kommunikationssystem (hsv//swe)
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering -- Communication Systems (hsv//eng)
- TEKNIK OCH TEKNOLOGIER -- Elektroteknik och elektronik (hsv//swe)
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering (hsv//eng)
Nyckelord
- direct observations
- experiments
- phishing
- security behavior
- Social engineering
- Technology
- Teknik
- Information Systems
- Informationssystem (IS)
Publikations- och innehållstyp
- ref (ämneskategori)
- kon (ämneskategori)
Hitta via bibliotek
Till lärosätets databas