Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 6 of 6
Full-Text Articles in Physical Sciences and Mathematics
Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution, Marco Casagrande, Mauro Conti, Monica Fedeli, Eleonora Losiouk
Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution, Marco Casagrande, Mauro Conti, Monica Fedeli, Eleonora Losiouk
Journal of Cybersecurity Education, Research and Practice
Phishing is a common social engineering attack aimed to steal personal information. Universities attract phishing attacks because: 1) they store employees and students sensitive data, 2) they save confidential documents, 3) their infrastructures often lack security. In this paper, we showcase a phishing assessment at the University of Redacted aimed to identify the people, and the features of such people, that are more susceptible to phishing attacks. We delivered phishing emails to 1.508 subjects in three separate batches, collecting a clickrate equal to 30%, 11% and 13%, respectively. We considered several features (i.e., age, gender, role, working/studying field, email template) …
Experimental Study To Assess The Impact Of Timers On User Susceptibility To Phishing Attacks, Amy E. Antonucci, Yair Levy, Laurie P. Dringus, Martha Snyder
Experimental Study To Assess The Impact Of Timers On User Susceptibility To Phishing Attacks, Amy E. Antonucci, Yair Levy, Laurie P. Dringus, Martha Snyder
Journal of Cybersecurity Education, Research and Practice
Social engineering costs organizations billions of dollars. It exploits the weakest link of information systems security, the users. It is well-documented in literature that users continue to click on phishing emails costing them and their employers significant monetary resources and data loss. Training does not appear to mitigate the effects of phishing much; other solutions are warranted. Kahneman introduced the concepts of System-One and System-Two thinking. System-One is a quick, instinctual decision-making process, while System-Two is a process by which humans use a slow, logical, and is easily disrupted. The key aim of our experimental field study was to investigate …
Subject Matter Experts’ Feedback On Experimental Procedures To Measure User’S Judgment Errors In Social Engineering Attacks, Tommy Pollock, Yair Levy, Wei Li, Ajoy Kumar
Subject Matter Experts’ Feedback On Experimental Procedures To Measure User’S Judgment Errors In Social Engineering Attacks, Tommy Pollock, Yair Levy, Wei Li, Ajoy Kumar
Journal of Cybersecurity Education, Research and Practice
Distracted users can fail to correctly distinguish the differences between legitimate and malicious emails or search engine results. Mobile phone users can have a more challenging time identifying malicious content due to the smaller screen size and the limited security features in mobile phone applications. Thus, the main goal of this research study was to design, develop, and validate a set of field experiments to assess user’s judgment when exposed to two types of simulated social engineering attacks: phishing and Potentially Malicious Search Engine Results (PMSER), based on the interaction of the environment (distracting vs. non-distracting) and type of device …
The 2020 Twitter Hack – So Many Lessons To Be Learned, Paul D. Witman, Scott Mackelprang
The 2020 Twitter Hack – So Many Lessons To Be Learned, Paul D. Witman, Scott Mackelprang
Journal of Cybersecurity Education, Research and Practice
In mid-July 2020, the social media site Twitter had over 100 of its most prominent user accounts start to tweet requests to send Bitcoin to specified Bitcoin wallets. The requests promised that the Bitcoin senders would receive their money back doubled, as a gesture of charity amidst the COVID-19 pandemic. The attack appears to have been carried out by a small group of hackers, leveraging social engineering to get access to internal Twitter support tools. These tools allowed the hackers to gain full control of the high-profile user accounts and post messages on their behalf. The attack provides many paths …
Gophish: Implementing A Real-World Phishing Exercise To Teach Social Engineering, Andy Luse, Jim Burkman
Gophish: Implementing A Real-World Phishing Exercise To Teach Social Engineering, Andy Luse, Jim Burkman
Journal of Cybersecurity Education, Research and Practice
Social engineering is a large problem in our modern technological world, but while conceptually understood, it is harder to teach compared to traditional pen testing techniques. This research details a class project where students implemented a phishing exercise against real-world targets. Through cooperation with an external corporate partner, students learned the legal, technical, behavioral, analysis, and reporting aspects of social engineering. The outcome provided both usable data for a real-world corporation as well as valuable educational experience for the students.
Sit Back, Relax, And Tell Me All Your Secrets, Sarah Kirk, Daniel Foreman, Cody Lee, Shannon W. Beasley
Sit Back, Relax, And Tell Me All Your Secrets, Sarah Kirk, Daniel Foreman, Cody Lee, Shannon W. Beasley
Journal of Cybersecurity Education, Research and Practice
The goal of this research is to describe an active learning opportunity that was conducted as a community service offering through our Center for Cybersecurity Education and Applied Research (CCEAR). As a secondary goal, the participants sought to gain real world experience by applying techniques and concepts studied in security classes. A local insurance company tasked the CCEAR with assembling a team of students to conduct penetration testing (including social engineering exploits) against company personnel. The endeavor allowed the insurance company to obtain information that would assess the effectiveness of employee training with regard to preventing the divulgence of sensitive …