nach oben

Erschienen in:

2023 | OriginalPaper | Buchkapitel

Guidelines for Developers and Recommendations for Users to Mitigate Phishing Attacks: An Interdisciplinary Research Approach

verfasst von : Javara Allah Bukhsh

Erschienen in: Research Challenges in Information Science: Information Science and the Connected World

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Phishing attacks are common these days. If successful, these attacks cause psychological, emotional, and financial damage to the victims. Such damages may have a long-term impact. The overall objective of this Ph.D. research is to contribute to mitigating phishing victimization risks by exploring phishing prevalence, user-related risk factors, and vulnerable target groups and by designing (1) guidelines for social website developers focused on internet user vulnerabilities and (2) recommendations for users to avoid such attacks. The Ph.D. research acknowledges that phishing attacks are technical in nature, while the impact is financial and psychological. Therefore, an interdisciplinary research approach focusing on empirical research methods from social sciences (i.e., focus groups and surveys) and computer science (i.e., data-driven techniques such as machine learning) is adopted for the research. In particular, we aim to use a machine learning model for data analytics and quantitative and qualitative research design for psychological analysis. The research outcome of this Ph.D. work is expected to provide recommendations for internet users and organizations developing social-media-based software systems through more phishing aware development practices.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Secure Infrastructure for Cyber-Physical Ranges

Nächstes Kapitel Leveraging Exogeneous Data for the Predictive Monitoring of IT Service Management Processes

Statista: Internet and social media users in the world 2022, Statista (2022). https://www.statista.com/statistics/617136/digital-population-worldwide/. Accessed 30 September 2022

Cyber Security Breaches Survey 2020. GOV.UK (2020). https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020. Accessed 14 Apr 2021

Proofpoint: State of the Phish Report: Attack Rates Rise, Account Compromise Soars. Proofpoint (2019). https://www.proofpoint.com/us/corporate-blog/post/2019-state-phish-report-attack-rates-rise-account-compromise-soars. Accessed 01 Oct 2022

Statista: Data records breached worldwide 2022, Statista (2022). https://www.statista.com/statistics/1307426/number-of-data-breaches-worldwide/. Accessed 30 Sep 2022

Lastdrager, E.E.H.: Achieving a consensual definition of phishing based on a systematic review of the literature. Crime Sci. 3(1), 1 (2014). https://doi.org/10.1186/s40163-014-0009-yCrossRef

APWG:APWG | APWG 1Q 2022: Phishing Reaches Record High; APWG Observes One Million Attacks Within the Quarter – For the First Time – in the First Quarter of 2022 (2022). https://apwg.org/apwg-1q-2022-phishing-reaches-record-high-apwg-observes-one-million-attacks-within-the-quarter-for-the-first-time-in-the-first-quarter-of-2022/. Accessed 01 Oct 2022

Aleroud, A., Zhou, L.: Phishing environments, techniques, and countermeasures: a survey. Comput. Secur. 68, 160–196 (2017).https://doi.org/10.1016/j.cose.2017.04.006

Huang, H., Zhong, S., Tan, J.: Browser-side countermeasures for deceptive phishing attack. In: 5th International Conference on Information Assurance and Security, IAS 2009, September 2009, pp. 352–355 (2009). https://doi.org/10.1109/IAS.2009.12

Abroshan, H., Devos, J., Poels, G., Laermans, E.: Phishing attacks root causes. In: Cuppens, N., Cuppens, F., Lanet, J.-L., Legay, A., Garcia-Alfaro, J. (eds.) Risks and Security of Internet and Systems. LNCS, vol. 10694, pp. 187–202. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76687-4_13CrossRef

10.

Junger, M., Montoya, L., Overink, F.-J.: Priming and warnings are not effective to prevent social engineering attacks. Comput. Hum. Behav. 66, 75–87 (2017). https://doi.org/10.1016/j.chb.2016.09.012CrossRef

11.

Garera, S., Provos, N., Chew, M., Rubin, A.D.: A Framework for Detection and Measurement of Phishing Attacks, pp. 1–8 (2007)

12.

Hutchings, A., Hayes, H.: Routine activity theory and phishing victimisation: who gets caught in the ‘Net’? Current Issues Crim. Justice 20(3), 433–452 (2018). https://doi.org/10.1080/10345329.2009.12035821CrossRef

13.

Canham, M., Posey, C., Strickland, D., Constantino, M.: Phishing for long tails: examining organizational repeat clickers and protective stewards. SAGE Open 11(1), 215824402199065 (2021). https://doi.org/10.1177/2158244021990656CrossRef

14.

Correia, S.G.: Patterns of online repeat victimisation and implications for crime prevention. In: 2020 APWG Symposium on Electronic Crime Research (eCrime), November 2020, pp. 1–11 (2020). https://doi.org/10.1109/eCrime51433.2020.9493258

15.

Milani, R., Caneppele, S., Burkhardt, C.: Exposure to cyber victimization: results from a Swiss survey. Deviant Behav. 1–13 (2020).https://doi.org/10.1080/01639625.2020.1806453

16.

Wittebrood, K., Nieuwbeerta, P.: Criminal victimization during one’s life course: the effects of previous victimization and patterns of routine activities. J. Res. Crime Delinq. 37(1), 91–122 (2000). https://doi.org/10.1177/0022427800037001004CrossRef

17.

Brown, C.F., Demaray, M.K., Secord, S.M.: Cyber victimization in middle school and relations to social emotional outcomes. Comput. Hum. Behav. 35, 12–21 (2014). https://doi.org/10.1016/j.chb.2014.02.014CrossRef

18.

Whitty, M.T.: Predicting susceptibility to cyber-fraud victimhood. J. Financ. Crime 26(1), 277–292 (2019). https://doi.org/10.1108/JFC-10-2017-0095CrossRef

19.

Darwish, A., Zarka, A.E., Aloul, F.: Towards understanding phishing victims’ profile. In: 2012 International Conference on Computer Systems and Industrial Informatics, December 2012, pp. 1–5 (2012). https://doi.org/10.1109/ICCSII.2012.6454454

20.

Parsons, K., Butavicius, M., Delfabbro, P., Lillie, M.: Predicting susceptibility to social influence in phishing emails. Int. J. Hum. Comput. Stud. 128, 17–26 (2019). https://doi.org/10.1016/j.ijhcs.2019.02.007CrossRef

21.

Curtis, S.R., Rajivan, P., Jones, D.N., Gonzalez, C.: Phishing attempts among the dark triad: patterns of attack and vulnerability. Comput. Hum. Behav. 87, 174–182 (2018). https://doi.org/10.1016/j.chb.2018.05.037CrossRef

22.

Halevi, T., Memon, N., Nov, O.: Spear-phishing in the wild: a real-world study of personality, phishing self-efficacy and vulnerability to spear-phishing attacks. SSRN Electron. J. (2015).https://doi.org/10.2139/ssrn.2544742

23.

Siddaway, A.P., Wood, A.M., Hedges, L.V.: How to do a systematic review: a best practice guide for conducting and reporting narrative reviews, meta-analyses, and meta-syntheses. Ann. Rev. Psychol. 70(1), 747–770 (2019). https://doi.org/10.1146/annurev-psych-010418-102803CrossRef

24.

Oakley, J.G.: Access. In: Waging Cyber War, pp. 101–114. Apress, Berkeley (2019). https://doi.org/10.1007/978-1-4842-4950-5_8CrossRef

25.

Venkatesh, V., Morris, M.G., Davis, G.B., Davis, F.D.: User acceptance of information technology: toward a unified view. MIS Q. 27(3), 425–478 (2003). https://doi.org/10.2307/30036540CrossRef

Titel: Guidelines for Developers and Recommendations for Users to Mitigate Phishing Attacks: An Interdisciplinary Research Approach
verfasst von: Javara Allah Bukhsh
Verlag: Springer Nature Switzerland
Buch: Research Challenges in Information Science: Information Science and the Connected World
Print ISBN: 978-3-031-33079-7

Electronic ISBN: 978-3-031-33080-3

Copyright-Jahr: 2023
DOI: https://doi.org/10.1007/978-3-031-33080-3_46

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"