Social Engineering and Organisational Dependencies in Phishing Attacks

Taib, R; Yu, K; Berkovsky, S; Wiggins, M; Bayl-Smith, P

Social Engineering and Organisational Dependencies in Phishing Attacks

Taib, R Yu, K

Berkovsky, S Wiggins, M Bayl-Smith, P

Permalink

Publication Type:: Conference Proceeding
Citation:: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2019, 11746 LNCS pp. 564 - 584
Issue Date:: 2019-01-01

Closed Access

	Filename	Description	Size
	interact_19_camera.pdf	Accepted Manuscript version	378.47 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Taib, R	en_US
dc.contributor.author	Yu, K https://orcid.org/0000-0001-5138-6749	en_US
dc.contributor.author	Berkovsky, S	en_US
dc.contributor.author	Wiggins, M	en_US
dc.contributor.author	Bayl-Smith, P	en_US
dc.date.accessioned	2020-04-14T01:43:37Z
dc.date.available	2020-04-14T01:43:37Z
dc.date.issued	2019-01-01	en_US
dc.identifier.citation	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2019, 11746 LNCS pp. 564 - 584	en_US
dc.identifier.isbn	9783030293802	en_US
dc.identifier.issn	0302-9743	en_US
dc.identifier.uri	http://hdl.handle.net/10453/139975
dc.description.abstract	© IFIP International Federation for Information Processing 2019. Phishing emails are a widespread cybersecurity attack method. Their breadth and depth have been on the rise as they target individuals and organisations with increased sophistication. In particular, social engineering in phishing focuses on human vulnerabilities by exploiting established psychological and behavioural cues to increase the credibility of phishing emails. This work presents the results of a 56,000-participant phishing attack simulation carried out within a multi-national financial organisation. The overarching hypothesis was that strong cultural and contextual factors impact employee vulnerability. Thus, five phishing emails were crafted, based on three of Cialdini’s persuasion principles used in isolation and in combination. Our results showed that Social proof was the most effective attack vector, followed by Authority and Scarcity. Furthermore, we examined these results in the light of a set of demographic and organisational features. Finally, both click-through rates and reporting rates were examined, to provide rich insights to developers of cybersecurity educational solutions.	en_US
dc.relation.ispartof	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)	en_US
dc.relation.isbasedon	10.1007/978-3-030-29381-9_35	en_US
dc.subject.classification	Artificial Intelligence & Image Processing	en_US
dc.title	Social Engineering and Organisational Dependencies in Phishing Attacks	en_US
dc.type	Conference Proceeding
utslib.citation.volume	11746 LNCS	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
utslib.copyright.status	closed_access
pubs.publication-status	Published	en_US
pubs.volume	11746 LNCS	en_US

Abstract:

© IFIP International Federation for Information Processing 2019. Phishing emails are a widespread cybersecurity attack method. Their breadth and depth have been on the rise as they target individuals and organisations with increased sophistication. In particular, social engineering in phishing focuses on human vulnerabilities by exploiting established psychological and behavioural cues to increase the credibility of phishing emails. This work presents the results of a 56,000-participant phishing attack simulation carried out within a multi-national financial organisation. The overarching hypothesis was that strong cultural and contextual factors impact employee vulnerability. Thus, five phishing emails were crafted, based on three of Cialdini’s persuasion principles used in isolation and in combination. Our results showed that Social proof was the most effective attack vector, followed by Authority and Scarcity. Furthermore, we examined these results in the light of a set of demographic and organisational features. Finally, both click-through rates and reporting rates were examined, to provide rich insights to developers of cybersecurity educational solutions.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/139975