Evaluating user vulnerabilities vs phisher skills in spear phishing

IF 0.2 Q4 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS
Mathew Nicho, H. Fakhry, Uche Egbue
Journal: IADIS-International Journal on Computer Science and Information Systems, volume 12 2 1
Published: 2018-12-17 (Journal Article)
DOI: 10.33965/ijcsis_2018130207 (https://doi.org/10.33965/ijcsis_2018130207)
Citations: 5

Abstract

Spear phishing emails pose a great danger to employees of organizations due to the inherent weakness of the employees in identifying the threat from spear phishing cues, as well as the spear phisher’s skill in crafting contextually convincing emails. This raises the main question of which construct (user vulnerabilities or phisher skills) has a greater influence on the vulnerable user. Researchers have provided enough evidence of user vulnerabilities, namely the desire for monetary gain, curiosity of the computer user, carelessness on the part of the user, the trust placed in the purported sender by the user, and a lack of awareness on the part of the computer user. However, there is a lack of research on the magnitude of each of these factors in influencing an unsuspecting user to fall for a phishing or spear phishing attack, which we explored in this paper. While user vulnerabilities pose a major risk, the effect of the spear phisher’s ability to skillfully craft convincing emails (using fear appeals, urgency of action, and email contextualization) that trap even skillful IT security personnel is an area that needs to be explored. Therefore, we explored the relationships between the two major constructs, namely ‘user vulnerabilities’ and ‘email contextualization’, through the theory of planned behavior, with the objective of finding out the major factors that lead to computer users biting the phishers’ bait. In this theoretical version of the paper, we provided the resulting two constructs that needed to be tested.