A framework to assist email users in the identification of phishing attacks

IF 1.6 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

Information and Computer Security Pub Date : 2015-10-12 DOI:10.1108/ICS-10-2014-0070

A. Lötter, L. Futcher

引用次数: 12

Abstract

Purpose – The purpose of this paper is to propose a framework to address the problem that email users are not well-informed or assisted by their email clients in identifying possible phishing attacks, thereby putting their personal information at risk. This paper therefore addresses the human weakness (i.e. the user’s lack of knowledge of phishing attacks which causes them to fall victim to such attacks) as well as the software related issue of email clients not visually assisting and guiding the users through the user interface. Design/methodology/approach – A literature study was conducted in the main field of information security with a specific focus on understanding phishing attacks and a modelling technique was used to represent the proposed framework. This paper argues that the framework can be suitably implemented for email clients to raise awareness about phishing attacks. To validate the framework as a plausible mechanism, it was reviewed by a focus group within the School of Information and Com...

查看原文本刊更多论文

帮助电子邮件用户识别网络钓鱼攻击的框架

目的-本文的目的是提出一个框架，以解决电子邮件用户在识别可能的网络钓鱼攻击方面没有得到充分的信息或他们的电子邮件客户端的协助，从而使他们的个人信息处于危险之中的问题。因此，本文解决了人类的弱点(即用户缺乏网络钓鱼攻击的知识，导致他们成为此类攻击的受害者)以及与电子邮件客户端相关的软件问题，即电子邮件客户端不能直观地帮助和引导用户通过用户界面。设计/方法论/方法-在资讯安全的主要领域进行了文献研究，特别侧重于了解网络钓鱼攻击，并使用建模技术来表示建议的框架。本文认为，该框架可以适当地用于电子邮件客户端，以提高对网络钓鱼攻击的认识。为了验证该框架是一个合理的机制，信息与通信学院的一个焦点小组对其进行了审查。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information and Computer Security COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

4.60

自引率

7.10%

发文量

期刊介绍： Information and Computer Security (ICS) contributes to the advance of knowledge directly related to the theory and practice of the management and security of information and information systems. It publishes research and case study papers relating to new technologies, methodological developments, empirical studies and practical applications. The journal welcomes papers addressing research and case studies in relation to many aspects of information and computer security. Topics of interest include, but are not limited to, the following: Information security management, standards and policies Security governance and compliance Risk assessment and modelling Security awareness, education and culture User perceptions and understanding of security Misuse and abuse of computer systems User-facing security technologies Internet security and privacy The journal is particularly interested in receiving submissions that consider the business and organisational aspects of security, and welcomes papers from both human and technical perspective on the topic. However, please note we do not look to solicit papers relating to the underlying mechanisms and functions of security methods such as cryptography (although relevant applications of the technology may be considered).