Rewind
All the content from last year’s PeepSec, Impact and flagship industry events
Detect phishing by checking content consistency
Phishing is a form of cybercrime used to lure a victim to reveal his/her sensitive personal information to fraudulent web pages. To protect users from phishing attacks, many anti-phishing techniques have been proposed to block suspicious web pages, which are...
Real time detection of phishing websites
Web Spoofing lures the user to interact with the fake websites rather than the real ones. The main objective of this attack is to steal the sensitive information from the users. The attacker creates a ‘shadow’ website that looks similar to the legitimate website. This...
Social network security: issues, challenges, threats, and solutions
Networks are very popular in today’s world. Millions of people use various forms of social networks as they allow individuals to connect with friends and family, and share private information. However, issues related to maintaining the privacy and security of a user’s...
Addressing the incremental risks associated with adopting bring your own device
Bring Your Own Device (BYOD) involves allowing employees to use their own mobile devices to access their organisations’ networks. Many organisations are embracing this trend as a means to cut information technology (IT) expenditure, enhance employee satisfaction, etc....
Online disclosure of personally identifiable information with strangers: effects of public and private sharing
Safeguarding personally identifiable information (PII) is crucial because such information is increasingly used to engineer privacy attacks, identity thefts and security breaches. But is it likely that individuals may choose to just share this information with...
Presenting Suspicious Details in User-Facing E-mail Headers Does Not Improve Phishing Detection
Phishing requires humans to fall for impersonated sources. Sender authenticity can often be inferred from e-mail header information commonly displayed by e-mail clients, such as sender and recipient details. People may be biased by convincing e-mail content and...
Designing and conducting phishing experiments
We describe ethical and procedural aspects of setting up and conducting phishing experiments, drawing on experience gained from being involved in the design and execution of a sequence of phishing experiments (second author), and from being involved in the review of...
Quantifying phishing susceptibility for detection and behavior decisions
Objective: We use signal detection theory to measure vulnerability to phishing attacks, including variation in performance across task conditions.Background: Phishing attacks are difficult to prevent with technology alone, as long as technology is operated by people....
A phish scale: rating human phishing message detection difficulty
As organizations continue to invest in phishing awareness training programs, many Chief Information Security Officers (CISOs) are concerned when their training exercise click rates are high or variable, as they must justify training budgets to those who question the...
Do users focus on the correct cues to differentiate between phishing and genuine emails?
This paper examines the cues that typically differentiate phishing emails from genuine emails. The research is conducted in two stages. In the first stage, we identify the cues that actually differentiate between phishing and genuine emails. These are the consistency...
Exploring susceptibility to phishing in the workplace
Phishing emails provide a means to infiltrate the technical systems of organisations by encouraging employees to click on malicious links or attachments. Despite the use of awareness campaigns and phishing simulations, employees remain vulnerable to phishing emails....
Suspicion, cognition, and automaticity model of phishing susceptibility
Social-psychological research on phishing has implicated ineffective cognitive processing as the key reason for individual victimization. Interventions have consequently focused on training individuals to better detect deceptive emails. Evidence, however, points to...
Analysis on cookies and cybersecurity
Cookies are essential to the modern internet. People use cookies and other tracking technologies to integrate the browsing experience of websites, present personalized content and targeted advertising, understand the origin of their audience, and analyze web traffic....
A Study On Social Engineering Attacks: Phishing Attack
Recently, with the development of digital technology and the spread of the social media network and made the communication of human beings between each other more easily, but with the put the personal information and private evidence and the participation of others...
Phishing Attacks: A Recent Comprehensive Study and a New Anatomy
With the significant growth of internet usage, people increasingly share their personal information online. As a result, an enormous amount of personal information and financial transactions become vulnerable to cybercriminals. Phishing is an example of a highly...
Prevalence of Sharing Access Credentials in Electronic Medical Records
Objectives Confidentiality of health information is an important aspect of the physician patient relationship. The use of digital medical records has made data much more accessible. To prevent data leakage, many countries have created regulations regarding medical...
Coping responses in phishing detection: an investigation of antecedents and consequences
This study investigates users’ coping responses in the process of phishing email detection. Three common responses are identified based on the coping literature: task-focused coping, emotion-focused coping (i.e., worry and self-criticism), and avoidance coping. The...
Hacking the human: the prevalence paradox in cybersecurity
Objective: This work assesses the efficacy of the “prevalence effect” as a form of cyberattack in human-automation teaming, using an email task. Background: Under the prevalence effect, rare signals are more difficult to detect, even when taking into account their...
User Context: An Explanatory Variable in Phishing Susceptibility
Extensive research has been performed to examine the effectiveness of phishing defenses, but much of this research was performed in laboratory settings. In contrast, this work presents 4.5 years of workplace-situated, embedded phishing email training exercise data,...
No Phishing beyond This Point
As phishing continues to evolve, what’s your organization doing to stay off the hook? If your organization uses email, you have a phishing problem. Based on FBI data, Trend Micro predicts global losses from business email compromise (BEC) attacks will surpass $9...
Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice.
The idea that people should form positive security habits is gaining increasing attention amongst security practitioners. Habit is a well-studied concept in psychology, but the extent to which the richness of that literature has been fully utilised for security is...