The Need for New Antiphishing Measures Against Spear-Phishing Attacks

In this study, we provide extensive analysis of the (unique) characteristics of phishing and spear-phishing attacks, argue that spear-phishing attacks cannot be well captured by current countermeasures, identify ways forward, and analyze an advanced spear-phishing campaign targeting white-collar workers in 32 countries.

[1]  Fatemeh Zahedi,et al.  Impact of anti-phishing tool performance on attack success rates , 2012, 2012 IEEE International Conference on Intelligence and Security Informatics.

[2]  Luca Allodi,et al.  Economic Factors of Vulnerability Trade and Exploitation , 2017, CCS.

[3]  Jason Hong,et al.  The state of phishing attacks , 2012, Commun. ACM.

[4]  Stefan Savage,et al.  Detecting and Characterizing Lateral Phishing at Scale , 2019, USENIX Security Symposium.

[5]  Sholom Cohen,et al.  Analysis of Unintentional Insider Threats Deriving from Social Engineering Exploits , 2014, 2014 IEEE Security and Privacy Workshops.

[6]  Rick Wash,et al.  Who Provides Phishing Training?: Facts, Stories, and People Like Me , 2018, CHI.

[7]  Engin Kirda,et al.  A Look at Targeted Attacks Through the Lense of an NGO , 2014, USENIX Security Symposium.

[8]  Bernhard Haslhofer,et al.  Ransomware Payments in the Bitcoin Ecosystem , 2018, J. Cybersecur..

[9]  Oded Nov,et al.  Spear-Phishing in the Wild: A Real-World Study of Personality, Phishing Self-Efficacy and Vulnerability to Spear-Phishing Attacks , 2015 .

[10]  Luca Allodi,et al.  Cognitive Triaging of Phishing Attacks , 2019, USENIX Security Symposium.

[11]  Rui Chen,et al.  Research Article Phishing Susceptibility: An Investigation Into the Processing of a Targeted Spear Phishing Email , 2012, IEEE Transactions on Professional Communication.

[12]  R. Cialdini Influence: Science and Practice , 1984 .

[13]  Ryan T. Wright,et al.  Research Note - Influence Techniques in Phishing Attacks: An Examination of Vulnerability and Resistance , 2014, Inf. Syst. Res..