Experimental Evaluation of Phishing Attack on High School Students

Marusenko, Roman and Sokolov, V. Y. and Buriachok, Volodymyr (2020) Experimental Evaluation of Phishing Attack on High School Students. Advances in Intelligent Systems and Computing (1247). pp. 668-680. ISSN 2194-5357

Official URL: https://link.springer.com/chapter/10.1007%2F978-3-...

Abstract

The effectiveness of phishing attacks is being analyzed by many researchers. At the same time, studies often deal with a random sample of people who suffered a phishing attack and are limited to analysis of the consequences of unrelated cases, without conducting an actual phishing experiment. Experiments typically involve a small number of respondents. The novelty of the present study is that it analyzes an educational institution's susceptibility to a phishing attack. The authors demonstrate a methodology for creating a group of targets homogeneous in age, place of study, and level of knowledge, and for conducting an experiment on a large group of respondents (3,661 people). The methodology of gathering and filtering email addresses using open sources of information is explained. The text of the phishing email was formulated to be emotionally neutral in order to minimize the deceptive effect of the letter. The experiment showed the success rate of the attack on a large sample of students at 10.8%, and demonstrated the vulnerability of the educational institution's infrastructure to the hidden preparation and conduct of the attack. The novelty of the methodology includes the use of a phishing letter that includes a questionnaire to gather statistics on responders' awareness of its phishing nature. This made it possible to compare respondents' beliefs with their real susceptibility to phishing, based on the sensitive data they provided in response to the phishing letter. We show how the data collected by phishing can be personalized and conclude that respondents need further training to detect phishing attacks. We also argue for the necessary organizational and infrastructural measures and give recommendations for the necessary mail server configuration changes.

Item Type: Article
Additional Information: DOI: 10.1007/978-3-030-55506-1_59 EID: 2-s2.0-85089721650
Keywords: Attack; Fishing; Personal information; Sensitive information; Social engineering
Subjects: This is the archival subject classification of Borys Grinchenko Kyiv University > Articles in scientometric databases > Scopus
Divisions: These are the archival divisions of Borys Grinchenko Kyiv University > Faculty of Information Technology and Mathematics > Professor Volodymyr Buriachok Department of Information and Cyber Security
Depositing User: Volodymyr Sokolov
Date Deposited: 31 Aug 2020 06:58
Last Modified: 31 Aug 2020 06:58
URI: https://elibrary.kubg.edu.ua/id/eprint/31678
