A Case Study of Phishing Incident Response in an Educational Organization

Althobaiti, Kholoud; Jenkins, Adam; Vaniea, Kami

doi:10.1145/3476079

Cited by 15 publications

(31 citation statements)

References 86 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A best practice here is to ask users to report suspicious looking email which is then reviewed by help desk staff or a security team [29,34]. The major problem with this approach is scale and time [3,57]. If many users report emails then it takes time to manually review them, which means a slower response time to the attack and a slower response to the people reporting.…”

Section: Related Workmentioning

confidence: 99%

“…Therefore, employees are regularly told to report phishing to their organizations' computing support desk or Information Security (IS) teams. However, processing these reports at scale is quite challenging [3]. Problems range from the number of reports to the fact that phishing is specifically designed by attackers to bypass automated filters, making it challenging to automatically extract reliable features.…”

mentioning

confidence: 99%

“…Given the risks and expenses involved, organizations go to great lengths to prevent phishing from being successful, best practice recommends a mix of proactive security measures like automated filters on email servers and reactive measures which include encouraging employees to report any phishing that they encounter [3,17,63]. While automated detection of phishing is impressively effective, with some algorithms achieving accuracy rates over 99% [22,25], it is still the case that some phishing makes it through into user inboxes.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Context-Based Clustering to Mitigate Phishing Attacks

Saka

Vaniea

Kökciyan

2022

Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security

Self Cite

View full text Add to dashboard Cite

Phishing is by far the most common and disruptive type of cyberattack faced by most organizations. Phishing messages may share common attributes such as the same or similar subject lines, the same sending infrastructure, similar URLs with certain parts slightly varied, and so on. Attackers use such strategies to evade sophisticated email filters, increasing the difficulty for computing support teams to identify and block all incoming emails during a phishing attack. Limited work has been done on grouping human-reported phishing emails, based on the underlying scam, to help the computing support teams better defend organizations from phishing attacks. In this paper, we explore the feasibility of using unsupervised clustering techniques to group emails into scams that could ideally be addressed together. We use a combination of contextual and semantic features extracted from emails and perform a comparative study on three clustering algorithms with varying feature sets. We use a range of internal and external validation methods to evaluate the clustering results on real-world email datasets. Our results show that unsupervised clustering is a promising approach for scam identification and grouping, and analyzing reported phishing emails is an effective way of mitigating phishing attacks and utilizing the human perspective. CCS CONCEPTS• Security and privacy → Phishing; • Computing methodologies → Cluster analysis; Information extraction.

show abstract

Section: Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Context-Based Clustering to Mitigate Phishing Attacks

Saka

Vaniea

Kökciyan

2022

Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…The ITIL (IT Infrastructure Library) [2], [10], [22] approach to IT management provides a set of best practices derived from the public and private sectors of various countries. ITIL is a set of rules that describe a systematic approach to IT deployment, implementation, and management.…”

Section: Information Security Toolsmentioning

confidence: 99%

Digitalization of Educational Services with Regard to Policy for Information Security

Petrov¹,

Kuyumdzhiev²,

Malkawi³

et al. 2022

TEM Journal

View full text Add to dashboard Cite

Faced with the widespread digitalization in educational services, every educational organization has to strive to meet modern-day quality and security standards for both information and other assets. The education organizations should invest in a methodology that identifies system flaws and, as a result, opportunities for improvement. To protect the educational organization's information assets from internal, external, intentional, or unintentional threats, an "Information Security Policy" should be developed. Effective data management necessitates not only the identification of data requirements but also security issues. Educators and students should be subject to policies that define and impose conditions in a variety of sensitive areas.

show abstract

“…Given the likelihood that a large scale phishing campaign will result in some people interacting with it, it is equally likely that other people will identify it. If those people report the phishing quickly, then the organization can take preventive measures like removing it from all staff email inboxes and blocking malicious links using a firewall [4]. In other words, it only takes one person reporting a phishing email to protect a whole organization from it.…”

Section: Introductionmentioning

confidence: 99%

"I didn't click": What users say when reporting phishing

Pilavakis¹,

Jenkins²,

Kökciyan³

et al. 2023

Proceedings 2023 Symposium on Usable Security

View full text Add to dashboard Cite

When people identify potential malicious phishing emails one option they have is to contact a help desk to report it and receive guidance. While there is a great deal of effort put into helping people identify such emails and to encourage users to report them, there is relatively little understanding of what people say or ask when contacting a help desk about such emails. In this work, we qualitatively analyze a random sample of 270 help desk phishing tickets collected across nine months. We find that when reporting or asking about phishing emails, users often discuss evidence they have observed or gathered, potential impacts they have identified, actions they have or have not taken, and questions they have. Some users also provide clear arguments both about why the email really is phishing and why the organization needs to take action about it.

show abstract

A Case Study of Phishing Incident Response in an Educational Organization

Cited by 15 publications

References 86 publications

Context-Based Clustering to Mitigate Phishing Attacks

Context-Based Clustering to Mitigate Phishing Attacks

Digitalization of Educational Services with Regard to Policy for Information Security

"I didn't click": What users say when reporting phishing

Contact Info

Product

Resources

About