  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
101

An Integrated Intelligent Approach to Enhance the Security Control of IT Systems. A Proactive Approach to Security Control Using Artificial Fuzzy Logic to Strengthen the Authentication Process and Reduce the Risk of Phishing

Salem, Omran S.A. January 2012
Hacking information systems is continuously on the increase. Social engineering attacks are performed by manipulating the weakest link in the security chain: people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based on Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measure the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook is used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source code and providing an in-line awareness security feedback.
102

Cybersecurity Awareness Training : Using ContextBased MicroTraining to teach senior citizens about phishing

Lindvall, David January 2022
While most Swedish citizens take advantage of the numerous benefits and conveniences today’s digitalized society offers, many senior citizens are digitally excluded. It is considered that a lack of digital technological knowledge is a big contributing factor. The lack of knowledge and experience with digital technology manifests into different types of fear, where fear of falling victim to cybercrime is the most prevalent. Phishing is a common cybercrime, which is still successfully employed by cybercriminals regardless of the various security measures and information available. Senior citizens are especially vulnerable, as phishing can be hard to recognize for less technical people. To combat this, education designed for increasing a user’s cybersecurity awareness is crucial. However, as cybersecurity can be a complex topic, there is a need for simplifying it and delivering related education in a meaningful way. This is where the method ContextBased MicroTraining (CBMT) comes in. For this thesis, a browser add-on called WebSec Coach, which utilizes the CBMT framework, is used as a tool to investigate how CBMT can support Swedish senior citizens in increasing their cybersecurity awareness regarding phishing. This was examined by conducting semi-structured interviews with eight respondents, from the age of 65 and up, that possessed some level of previous computer literacy. The results were then analyzed using thematic analysis, which showed that CBMT implemented in an embedded learning tool, like WebSec Coach, increased the cybersecurity awareness regarding phishing for all respondents. Regardless of the small sample size, the results in combination with previous research point to CBMT being a directly effective method in increasing cybersecurity awareness. Furthermore, the results showed that all respondents perceived WebSec Coach positively and were interested in using it themselves after the interviews. 
This indicates a potential acceptance amongst senior citizens, provided that the application reaches that target group.
103

Improving Email Security in Organizations : Solutions and Guidelines

Andrén, Axel, Kashlan, Ghaith, Nantarat, Atichoke January 2023
Data breaches from email attacks have been an issue since email was first implemented. Common attack methods like phishing are still a threat to organizations to this very day. That is because it never seems to stop evolving and keeps becoming more and more convincing. Email compromises have caused billions of dollars in damage worldwide, and it shows no sign of stopping. The purpose and research questions of this thesis are formulated to find guidelines or solutions that organizations can follow to improve their overall email security and awareness. In this thesis, both a systematic literature review and interviews are methods used to conduct the research. That way, both the technical portion of the subject, as well as the human perspective are covered. We found that the most common and significant email threats to organizations are phishing, BEC, and APT attacks. This thesis provides methods to mitigate these threats. What has also become clear is that human mistakes are a large portion of the problem concerning email attacks.
104

Phishing detection challenges for private and organizational users : A comparative study

Brandqvist, Johan, Lieberth Nilsson, John January 2023
Email communication has become an indispensable aspect of modern life, enabling rapid and efficient information exchange for individuals and organizations worldwide. However, the rise of phishing attacks poses a significant threat to the security and privacy of email users, with attackers continuously refining their techniques to exploit unsuspecting victims. This systematic literature review (SLR) aims to examine the challenges faced in email phishing detection for both private and organizational users, highlighting the unique obstacles and requirements for each user group. By analyzing relevant and current research from the past three years, this study seeks to identify the key challenges in email phishing detection, including the evolving tactics used by attackers, the limitations of current detection methods, and the hurdles in user education and awareness. Furthermore, it investigates the differential impact of these challenges on private and organizational users, with a focus on the potential differences. The comparative analysis offers valuable insights into the distinct challenges private and organizational users face in their efforts to defend against email phishing attacks. Understanding these differences is crucial for developing targeted, effective solutions that can enhance the overall resilience and security of email communication systems. Ultimately, this SLR serves as a foundation for future research and development in the field of phishing detection, fostering a safer online environment for all users.
105

Ranking Social Engineering Attack Vectors in The Healthcare and Public Health Sector

Gaurav Sachdev (14563787) 06 February 2023
The National Institute of Standards and Technology defines social engineering as an attack vector that deceives an individual into divulging confidential information or performing unwanted actions. Different methods of social engineering include phishing, pretexting, tailgating, baiting, vishing, SMSishing, and quid pro quo. These attacks can have devastating effects, especially in the healthcare sector, where there are budgetary and time constraints. To address these issues, this study aimed to use cybersecurity experts to identify the most important social engineering attacks to the healthcare sector and rank the underlying factors in terms of cost, success rate, and data breach. By creating a ranking that can be updated constantly, organizations can provide more effective training to users and reduce the overall risk of a successful attack. This study identified phishing attacks via email, voice and SMS to be the most important to defend against primarily due to the number of attacks. Baiting and quid pro quo consistently ranked as lower in priority and ranking.
106

GAINING MONITORING CAPABILITIES AND INSIGHTS INTO RESPONSES FROM PHISHING DATA

Raqab, Alah 09 July 2014
No description available.
107

Characterizing and Detecting Online Deception via Data-Driven Methods

Hu, Hang 27 May 2020
In recent years, online deception has become a major threat to information security. Online deception that caused significant consequences is usually spear phishing. Spear-phishing emails come in a very small volume, target a small number of audiences, sometimes impersonate a trusted entity and use very specific content to redirect targets to a phishing website, where the attacker tricks targets into sharing their credentials. In this thesis, we aim at measuring the entire process. Starting from phishing emails, we examine anti-spoofing protocols, analyze email services' policies and warnings towards spoofing emails, and measure the email tracking ecosystem. With phishing websites, we implement a powerful tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis. We also analyze credential sharing on phishing websites, and measure what happens after victims share their credentials. Finally, we discuss potential phishing and privacy concerns on new platforms such as Alexa and Google Assistant. In the first part of this thesis (Chapter 3), we focus on measuring how email providers detect and handle forged emails. We also try to understand how forged emails can reach user inboxes by deliberately composing emails. Finally, we check how email providers warn users about forged emails. In the second part (Chapter 4), we measure the adoption of anti-spoofing protocols and seek to understand the reasons behind the low adoption rates. In the third part of this thesis (Chapter 5), we observe that a lot of phishing emails use email tracking techniques to track targets. We collect a large dataset of email messages using disposable email services and measure the landscape of email tracking. In the fourth part of this thesis (Chapter 6), we move on to phishing websites. We implement a powerful tool to detect squatting domains and train a machine learning model to classify phishing websites. In the fifth part (Chapter 7), we focus on the credential leaks. More specifically, we measure what happens after the targets' credentials are leaked. We monitor and measure the potential post-phishing exploiting activities. Finally, with new voice platforms such as Alexa becoming more and more popular, we wonder if new phishing and privacy concerns emerge with new platforms. In this part (Chapter 8), we systematically assess the attack surfaces by measuring sensitive applications on voice assistant systems. My thesis measures important parts of the complete process of online deception. With deeper understandings of phishing attacks, more complete and effective defense mechanisms can be developed to mitigate attacks in various dimensions. / Doctor of Philosophy / In recent years, online deception has become a major threat to information security. The most common form of online deception starts with a phishing email, then redirects targets to a phishing website where the attacker tricks targets into sharing their credentials. General phishing emails are relatively easy to recognize from both the target's and the defender's perspective. They are usually from strange addresses, the content is usually very general and they come in a large volume. However, online deception that caused significant consequences is usually spear phishing. Spear-phishing emails come in a very small volume, target a small number of audiences, sometimes impersonate a trusted entity and use very specific content to redirect targets to a phishing website, where the attacker tricks targets into sharing their credentials. Sometimes, attackers use domain impersonation techniques to make the phishing website even more convincing. In this thesis, we measure the entire process. Starting from phishing emails, we examine anti-spoofing protocols, analyze email services' policies and warnings towards spoofing emails, and measure the email tracking ecosystem. With phishing websites, we implement a tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis. We also studied credential sharing on phishing websites. We measure what happens after targets share their credentials. Finally, we analyze potential phishing and privacy concerns on new platforms such as Alexa and Google Assistant.
108

Gone Phishing: How Task Interruptions Impact Email Classification Ability

Slifkin, Elisabeth 01 January 2024
With the continuous rise in email use, the prevalence and sophistication of phishing attacks have increased. Expanding cybersecurity awareness and strengthening email practices will help reduce the dangers posed by phishing emails, but ultimately, the extent to which a user can accurately detect phishing emails directly impacts the amount of risk to which they are exposed. Being interrupted while reading and replying to emails is a consequence of working in a dynamic world. Interruptions are often identified to be disruptive, both in terms of time costs and performance changes; they reliably increase a task's completion time, but their impact on accuracy is less consistent. The present three studies manipulated the length (Experiment 1), difficulty (Experiment 2), and similarity (Experiment 3) of interruptions in accordance with the memory for goals (MFG) model, which aims to explain why interruptions may be disruptive. Participants classified emails as either phishing or legitimate, while periodically being interrupted with a secondary task. Across all three experiments, interruptions did not affect classification accuracy, but they did reliably increase classification response time. Oculomotor analyses indicated that interruptions, regardless of type, impaired memory of previously encoded email information. This was evidenced across all three experiments by an increase in refixations and an increase in the distance between fixations pre- and post-interruption. MFG can account for some of these findings, but not all. Interruptions did not impair performance on an email classification task when participants could review the interrupted information, yet overall classification accuracy was still low. These results may suggest a pathway toward improving email classification performance, however, as participants exhibited behaviors known to improve performance on other tasks, such as revisiting previously viewed areas of an email.
109

Getting the general public to create phishing emails : A study on the persuasiveness of AI-generated phishing emails versus human methods

Ekekihl, Elias January 2024
Artificial Intelligence (AI) is becoming more and more widespread, and is available, for the most part freely, to anyone. While AI can be used for both good and bad, the potential for misuse exists. This study focuses on the intersection of AI and cybersecurity, with a focus on AI-generated phishing emails. In this study a mixed-method approach was applied, and an experiment, interviews, and a survey were conducted. Experiments and interviews were conducted with 9 participants with various backgrounds, but novices in phishing. In the experiment, phishing emails were created in three distinct ways: Human-Crafted, Internet-aided, and AI-generated. Emails were evaluated during semi-structured interviews, and each participant reviewed six emails in total, where two of these were real phishing emails. The results from the interviews indicate that AI-generated phishing emails are as persuasive as those created in the Human-Crafted task. On the contrary, in the survey, participants ranked the AI-generated phishing email as the most persuasive, followed by Human-Crafted. The survey was answered by 100 participants. Familiarity plays a crucial part in both persuasiveness and also willingness to go along with the requests in the phishing emails; this was highlighted during interviews and the survey. Urgency was seen as very negative by both the respondents and interviewees. The results from the study highlight the potential for misuse, specifically with the creation of AI-generated phishing emails; research into protection measures should not be overlooked. Adversaries have the potential to use AI, as it is right now, to their advantage.
110

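In the calmest waters swim the ugliest: A study mapping the risk factors that make older adults vulnerable to vishing and phishing (original title: I de lugnaste vatten simmar de fulaste : En studie som kartlägger de riskfaktorer som gör äldre vuxna sårbara för vishing och phishing)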

Eriksson, Lovisa, Engholm Flärd, Matilda January 2024
As the digitalization and integration of the internet into everyday life increases, the risk of falling victim to vishing and phishing also increases. A group of people that are often targets for these frauds are older adults. This essay maps out the risk factors that make older adults vulnerable to fraudulent crimes such as vishing and phishing. This is done by applying routine activity theory and identifying risk factors in older adults' own experiences and narratives. Through semi-structured interviews and a systematic literature review, the study has identified several key risk factors such as lack of digital competence, high trust in authorities, and social isolation, all of which contribute to making older adults attractive targets for scammers. The study also analyzes existing protective measures implemented by Halmstad Municipality and the fraud section of the West Police Region in Sweden. Although some of these strategies address identified risks, the results do not evaluate the effectiveness of these measures. Furthermore, the results highlight deficiencies in the current protective measures that need to be addressed to effectively protect this vulnerable group from vishing and phishing. The study's conclusions point to the need for authorities, municipalities, and other organizations to develop and implement more comprehensive measures tailored to both the theoretically identified needs and adapted to the expressed needs of older adults. This is to improve the safety of the elderly and reduce their vulnerability to vishing and phishing.
