Experimental Evaluation of Phishing Attack on High School Students

Marusenko, Roman and Sokolov, V. Y. and Buriachok, Volodymyr (2020) Experimental Evaluation of Phishing Attack on High School Students. Advances in Intelligent Systems and Computing (1247). pp. 668-680. ISSN 2194-5357

Marusenko_R_Sokolov_V_Buriachok_V_AISC_1247.pdf

Abstract

The effectiveness of phishing attacks is being analyzed by many researchers. At the same time, studies often deal with a random sample of people who have suffered a phishing attack and are limited to analyzing the consequences of unrelated cases without conducting an actual phishing experiment. Experiments typically involve a small number of respondents. The novelty of the present study is that it analyzes an educational institution’s susceptibility to a phishing attack. The authors demonstrate a methodology for creating a group of targets homogeneous in age, place of study, and level of knowledge, and for conducting an experiment on a large group of respondents (3,661 people). The methodology of gathering and filtering email addresses using open sources of information is explained. An emotionally neutral text of the phishing email was formulated to minimize the deceptive effect of the letter. The experiment showed the success rate of the attack on a large sample of students at 10.8%, and demonstrated the vulnerability of the educational institution’s infrastructure to the hidden preparation and conduct of the attack. The novelty of the methodology includes the use of a phishing letter that includes a questionnaire to gather statistics on respondents’ awareness of the nature of phishing. This made it possible to compare respondents’ beliefs with their real susceptibility to phishing, based on the sensitive data they provided in response to the phishing letter. We show how the data collected by phishing can be personalized and conclude that respondents need further training to detect phishing attacks. We also argue for the necessary organizational and infrastructural measures and give recommendations for the necessary mail server configuration changes.

Item Type: Article
Additional Information: DOI: 10.1007/978-3-030-55506-1_59 EID: 2-s2.0-85089721650
Uncontrolled Keywords: Attack; Fishing; Personal information; Sensitive information; Social engineering
Subjects: Articles in scientometric databases > Scopus
Divisions: Faculties > Faculty of Information Technologies and Management > Department of Information and Cyber Security
Depositing User: Volodymyr Sokolov
Date Deposited: 31 Aug 2020 06:58
Last Modified: 31 Aug 2020 06:58
URI: http://elibrary.kubg.edu.ua/id/eprint/31678
