51 |
Investigating cybersecurity response strategies : Measures to responding to successful spear phishing attacks
Alaaraj, Aiham, Yassin, Ali January 2024
Spear phishing attacks pose an ongoing threat to organizational cybersecurity, requiring effective response measures. This study examines measures that can be implemented by Swedish organizations to respond to successful spear phishing attacks, focusing on technical solutions and cybersecurity frameworks. Through 14 semi-structured interviews with incident response teams and cybersecurity professionals, insights were gathered on the effectiveness of these measures as well as the challenges that may be faced in complying with them. The results indicate the presence of two primary response measures: technical solutions used during and after the successful attack. In addition, cybersecurity frameworks play a critical role in guiding organizations in countering successful spear phishing attacks. While the results provide valuable insight, their effectiveness varies depending on the challenges the organization may face in complying with measures. This study underscores the importance of comprehensive and effective measures to respond to successful spear phishing attacks and improve organizational resilience to evolving cyber threats.
|
52 |
The Effects of Bilingualism and Trust on Digital Scam Susceptibility
Casanova, Grace M 01 January 2024
Trust is an essential component of social relationships and is connected to how we make informed decisions. Humans tend to use mental shortcuts to arrive at decisions, a strategy which may be exploited by scammers. As online scams have become more common, it is critical to understand factors that can influence appraisal of potentially untrustworthy sources. The present study focused on language, in the form of self-reported bilingualism, and its relation to scam susceptibility. Language is a factor that contributes to alterations in brain structure, cognitive performance, and cognitive control systems. Bilinguals show advantages in the form of increased synaptic density and coupling which can leave highly efficient neural circuitry following early language acquisition. There is also potential for disadvantages, especially in the form of deficiencies in semantic fluency and lexical task accuracy. The present study investigated bilingualism in the realm of defense and protection from a form of cyber-attack known as phishing. The ability to detect trustworthiness or suspiciousness is the ultimate defense against scam victimization. Results supported the hypothesis that bilinguals have greater phishing classification accuracy and confidence shown by a higher end-game score during The Phishing Email Suspicion Test (PEST). Post-hoc analyses indicated marginally lower rates of false alarms and marginally higher correct rejections in bilinguals compared with monolinguals. In contrast, results did not support the hypothesis that self-reported general trust is associated with overall performance on the PEST, but some indication that lower general trust predicted more false alarms (classifying safe emails as phishing) and higher general trust predicted more misses (classifying phishing emails as safe).
As the population of bilinguals is expected to increase along with sophisticated scams, this study highlights the importance of understanding the neurocognitive mechanisms associated with additional language learning and its potential impacts on decision making and trust-related behavior.
|
53 |
Detecção de Phishing no Twitter Baseada em Algoritmos de Aprendizagem Online / Phishing Detection on Twitter Based on Online Learning Algorithms
Barbosa, Haline Pereira de Oliveira 03 April 2018
Twitter is one of the most used social networks in the world with about 328 million users sharing images, videos, texts and links. Due to the restrictions on message size it is common for tweets to share shortened links to websites, making it impossible to visually identify the URL before knowing what will be displayed. Faced with this scenario, Twitter becomes a means of spreading phishing attacks through malicious links. Phishing is an attack that seeks to obtain personal information like name, CPF, passwords, number of bank accounts and numbers of credit cards. Twitter phishing attack detection systems are usually built using off-line supervised machine learning, where a large amount of data is examined once to induce a single static prediction model. In these systems, the incorporation of new data requires the reconstruction of the prediction model from the processing of the entire database, making this process slow and inefficient. In this work we propose a framework to detect phishing in Twitter. The framework uses supervised online learning, that is, the classifier is updated with each processed tweet and, if it makes a wrong prediction, the model is updated by adapting quickly to the changes with low computational cost, time and maintaining its efficiency in the task of ranking. For this study we evaluated the performance of the online learning algorithms Adaptive Random Forest, Hoeffding Tree, Naive Bayes, Perceptron and Stochastic Gradient Descent. The online Adaptive Random Forest classifier presented 99.8% prequential accuracy in the classification of phishing tweets.
|
54 |
The Impact of Information Security Awareness on Compliance with Information Security Policies: a Phishing Perspective
Hanus, Bartlomiej T. 08 1900
This research seeks to derive and examine a multidimensional definition of information security awareness, investigate its antecedents, and analyze its effects on compliance with organizational information security policies. The above research goals are tested through the theoretical lens of technology threat avoidance theory and protection motivation theory. Information security awareness is defined as a second-order construct composed of the elements of threat and coping appraisals supplemented by the responsibilities construct to account for organizational environment. The study is executed in two stages. First, the participants (employees of a municipality) are exposed to a series of phishing and spear-phishing messages to assess if there are any common characteristics shared by the phishing victims. The differences between the phished and the not phished group are assessed through multiple discriminant analysis. Second, the same individuals are asked to participate in a survey designed to examine their security awareness. The research model is tested using PLS-SEM approach. The results indicate that security awareness is in fact a second-order formative construct composed of six components. There are significant differences in security awareness levels between the victims of the phishing experiment and the employees who maintain compliance with security policies. The study extends the theory by proposing and validating a universal definition of security awareness. It provides practitioners with an instrument to examine awareness in a plethora of settings and design customized security training activities.
|
55 |
Detektering av phishing : En litteraturstudie om automatisk detektering av phishing med artificiell intelligens (AI) / Detection of phishing : A litterature study about automatic detection of phishing with artificial intelligence (AI)
Ameri, Haydar January 2020
The increased number of email users today has led to an escalation and additional problems related to phishing. Phishing is a major problem for society affecting both individuals and organizations. Since the first attack came in 1996, phishing still seems to be an unsolved challenge to this day. The development of artificial intelligence (AI) and machine learning (ML) has been going on for a long time, but in connection with the introduction of deep learning (DL) in 2010, new innovative solutions have been applied in several problem areas. This thesis examines one of these, namely automatic detection of phishing based on AI. The thesis presents an overview of the developments in this area, but also highlights important aspects that are of importance for future research. The work contributes in terms of new ideas and knowledge to a newly started project at the University of Skövde where the goal is to develop a tool that can alert the user when in a phishing situation. In addition, various solutions have been identified and presented with regard to protection for organizations against phishing. However, it is still unclear if the challenge of phishing has been solved, since most of these solutions have not been implemented in real-world environments. Based on current research, advances made in the area of AI indicate that a solution to the challenge of phishing may come in the near future.
|
56 |
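Social manipulation och phishing : Vilka brister finns i dagens skydd och hur kan de förbättras? / Social manipulation and phishing : What deficiencies exist in today's protections and how can they be improved?
Barrios, Karolina, Tudose Fuentes, Amanda January 2019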
Companies in today's society must protect themselves against different types of cyber attacks. Since the attacks come in different forms, phishing attacks are one of the most common security issues that both individuals and companies face in keeping their information secure. Hackers are using email, social media, phone calls, SMS and any form of communication they can to steal valuable data like passwords, credit card numbers, or other sensitive information. Companies are particularly a target and it is estimated that cyberattacks cost the global economy 500 billion dollars per year, where phishing stands for 90% of that number. Today, everything is put online and the safety of personal credentials is at risk. Phishing can be seen as one of the oldest and easiest ways of stealing information from people. It also has a simple approach as the attacker sends an email to a victim, and the victim enters a fake website and gives the attacker personal information. All without realizing it. This report attempts to identify the deficiencies found in the protections used against phishing and how they can be improved to prevent a phishing attack. They also try to look for any protection or combination of protection that provides better protection. The report divides the solution in different categories - machine learning, network solutions, education, heuristic solutions and toolbars and plugins. The thesis shows the flaws and improvements in the different solutions. The conclusion in this thesis is that there is no simple answer but that the combination of education and technical solution may be the best one. Technical protection itself can reduce the risk of getting a phishing email, but if the email arrives, there must be awareness and knowledge in how to see the difference between a legitimate email and a phishing email.
|
57 |
Vishing: ett ökande hot : Hur Sveriges regioner bemöter vishing inom hälso- och sjukvården / Vishing: an increasing threat : Swedish regions response to vishing in the health care system
Andersson, Tim, Nilsson, Emil January 2022
Vishing is a phishing variation that is not as well documented and studied as the more traditional email phishing. Vishing attacks have increased in recent years, especially with the COVID-19 pandemic. At the same time, increased attacks on healthcare have been observed as it has been strained. This is the basis of the study's purpose to contribute to the area by characterizing the vishing threat in the healthcare sector and identifying measures that can be implemented to respond to the threat. 7 of Sweden's 21 regions participated in the study and the semi-structured interviews that were the data collection method. The empirics were analyzed with "grounded theory" to inductively categorize data and then to identify themes. The results showed that e-mail phishing is currently a more common problem in the regions that participated, however, there were two regions that had been exposed to vishing attacks. Measures taken by regions were education and other administrative measures to raise awareness. Technical measures were used but nothing to specifically protect personnel from vishing attacks. The study concludes that the threat is currently best addressed with awareness-raising measures and technical protection to proactively increase security against successful attacks. The nature of vishing in healthcare was attempts to obtain drugs. The study has been limited to Sweden’s regions’ efforts to address vishing in the healthcare sector.
|
58 |
Employing and improving machine learning of detection of Phishing URLs
Yaitskyi, Andrii January 2022
Background: Phishing is one type of the social engineering techniques to fool users by pretending to be a trusted person and stealing users' personal data. Quite often, Phishing spreads to email services, and browsers are not always able to block Phishing URLs. The problem of Phishing continues to exist and does not decrease, so there are still issues in this problem that need to be addressed. Objectives: The object of research is the method of processing and detecting Phishing URLs. This study is intended to conduct a study to identify the possible assumptions for the method of automating the processing and detection of Phishing URLs, as well as to find out how the efficiency can be improved, and the detection of Phishing URLs, in addition, this study is also intended to understand which of machine learning algorithms are best suited for detecting Phishing URLs. Methods: In this study, the method of machine learning is used, a study was also carried out, on the basis of which it was decided that these data are not enough and that a better result could be achieved if more efficient methods were used. Therefore, in this case, it was decided to use the machine learning method, and a quantitative study was carried out to understand which machine learning algorithm is better to use in further work. The subject of research - methods and means of processing and detecting Phishing URLs. Also, the research methods in this study, is analysis, observation, modeling, and experimental research. Results: The result shows a higher percentage compared to the algorithm comparison. Also, the result shows that the automation procedure has been achieved, and the accuracy of Phishing URL detection has improved a lot, showing an accuracy of 98.417%. Compared to manual analysis of Phishing URLs, and other algorithms, this is a better result. Conclusions: There are some challenges in handling Phishing URLs as well as efficiency and better detection. However, further research is needed in this case to find out how to further improve the detection of Phishing URLs.
|
59 |
Incorporación de la modalidad del Phishing en la Ley de Delitos Informáticos / Incorporation of the phishing modality into the Computer Crimes Law
Carrero Perez, Jhunior Stalyn January 2024
The criminalization of phishing in the law of computer crimes is of utmost urgency. Because the level of incidence of this crime at the national level has been increasing year by year. However, the national reality, the lack of knowledge and the increase of technology are the social factors that most affect the increase of this kind of crime. However, the social reality cannot be ignored, due to the technological progress that is being experienced. In this sense, the objective of this research is to propose the typification of the phishing modality in article 8 of the Computer Crimes Law. The analytical methodology was used, since it helped to give a solution to each variable of our problem, in addition to this, national and foreign legislation and statistical data were used. As a result of the research, we concluded that proposing the incorporation of phishing in the computer crime law is feasible and necessary.
|
60 |
Exploring vulnerabilities and mitigation strategies among high school students : A qualitative analysis study
Akese, Michael, Hussein, Omar January 2024
Phishing attacks have emerged as a prominent cybersecurity threat, with one demographic particularly vulnerable being high school students, who are often active on social media yet lack adequate awareness. This study aims to deepen our understanding of phishing among high school students, pinpointing their susceptibilities, mitigation approaches, and knowledge sources. Employing qualitative research methods, semi-structured interviews were conducted with 18 participants, divided into two sample groups: those enrolled in technology programs and those in non-technology programs. The findings revealed that while students may not be familiar with the term "phishing," they possess a basic grasp of how such attacks manifest online, including through emails, SMS, and social media. Moreover, students expressed the need for phishing awareness to be integrated into high school curricula.
|