Phishing Attacks Root Causes

Abroshan, Hossein; Devos, Jan; Poels, Geert; Laermans, Eric

doi:10.1007/978-3-319-76687-4_13

Cited by 10 publications

(25 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As explained in this paper and based on the other studies mentioned [8,45], people's decision-making style can be one of the factors in a successful phishing process. Sometimes scammers put their targets in a situation where they are more likely to make a poor decision, from the perspective of the victim.…”

Section: B Decision-making Stylementioning

confidence: 91%

“…Risk-taking is, in general, listed as one of the root causes of a successful phishing attack [8,40,41]. Other studies show that risk-taking is one of the causes of successful scams [9,14,42,43], so it might impact people's phishability.…”

Section: A Risk-taking Behaviourmentioning

confidence: 99%

“…Even when the decision-making style is not the main cause of a successful phishing attack, it can be one of the factors that determine the success or failure of the attack. For instance, the target user might decide to share sensitive, personal information in one of the phishing steps [8,[49][50][51]. A target user might open a phishing email and click on the link as a result of their risk-taking behaviour but may submit their sensitive, personal information on the phishing website due to their decision-making style.…”

Section: B Decision-making Stylementioning

confidence: 99%

“…Previous studies [8,9] showed that a scammer might use human cognitive and behavioural attributes to design their tricks and to fool victims. For instance, a scammer may send a fake email that appears to come from a legitimate source and use the behavioural weaknesses of the victim to build trust.…”

Section: Introductionmentioning

confidence: 99%

“…to click or not to click, to submit personal data or not) and takes risks (e.g. click on the link even when the email is suspicious because the phisher offers an "easily and quickly-achievable reward") throughout the phishing process [8,9,[14][15][16].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Phishing Happens Beyond Technology: The Effects of Human Behaviors and Demographics on Each Step of a Phishing Process

et al. 2021

Self Cite

View full text Add to dashboard Cite

Prior studies have shown that the behaviours and attitudes of Internet users influence the likelihood of being victimised by phishing attacks. Many scammers design a step-by-step approach to phishing in order to gain the potential victim's trust and convince them to take the desired actions. It is important to understand which behaviours and attitudes can influence following the attacker in each step of a phishing scam. This will enable us to identify the root causes of phishing and to develop specific mitigation plans for each step of the phishing process and to increase prevention points. This study investigates to what extent people's risk-taking and decision-making styles influence the likelihood of phishing victimisation in three specific phishing steps. We asked participants to play a risk-taking game and to answer questions related to two psychological scales to measure their behaviours, and then conducted a simulated phishing campaign to assess their phishability throughout the three phishing steps selected. We find that the attitude to risk-taking and gender can predict users' phishability in the different steps selected. There are however other possible direct and indirect behavioural factors that could be investigated in future studies. The results of this study and the model developed can be used to build a comprehensive framework to prevent the success of phishing attempts, starting from their root causes.

show abstract

Section: B Decision-making Stylementioning

confidence: 91%

Section: A Risk-taking Behaviourmentioning

confidence: 99%

Section: B Decision-making Stylementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Phishing Happens Beyond Technology: The Effects of Human Behaviors and Demographics on Each Step of a Phishing Process

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

Friend or Foe: An Investigation into Recipient Identification of SMS-Based Phishing

Clasen

Williams

2021

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Short Message Service (SMS) messaging plays a key role in many people's lives, allowing communication between friends, family and businesses through the convenient use of a mobile phone. At the same time, criminals are able to utilise this technology to their own benefit, such as by sending phishing messages that convince their victims into sharing sensitive information or installing dangerous software on their devices. Indeed, Proofpoint's State of the Phish report found 81% of surveyed US organisations had faced smishing attackswhich is a type phishing attack via SMS message in 2020. Although phishing is well studied, the amount of research in SMS-based phishing is somewhat limited. Therefore, this study addresses the lack of SMS-based phishing insight, investigating which techniques/tactics are used by malicious senders and honest recipients to disguise/identify SMS-based phishing. By using an online questionnaire, a total of 576 participants' options upon 20 text messages (10 genuine and 10 phishing) were gathered. The result shows 73.4% of the SMS messages were categorised correctly; also a number of factors such as shortened URLs, inconsistent metadata/content, urgency cue, and age play a positive role in identifying phishing attacks.Keywords. short message service (SMS), phishing, text message, mobile phishing Literature ReviewThis literature review explores the techniques and tactics used by attackers when constructing SMS phishing messages and external factors that influence the capability of recipients to detect phishing.

show abstract

Guidelines for Developers and Recommendations for Users to Mitigate Phishing Attacks: An Interdisciplinary Research Approach

Bukhsh

2023

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Phishing Attacks Root Causes

Cited by 10 publications

References 55 publications

Phishing Happens Beyond Technology: The Effects of Human Behaviors and Demographics on Each Step of a Phishing Process

Phishing Happens Beyond Technology: The Effects of Human Behaviors and Demographics on Each Step of a Phishing Process

Friend or Foe: An Investigation into Recipient Identification of SMS-Based Phishing

Guidelines for Developers and Recommendations for Users to Mitigate Phishing Attacks: An Interdisciplinary Research Approach

Contact Info

Product

Resources

About