Högskolan i Skövde

An empirical investigation of the effect of target-related information in phishing attacks
Industrial Information and Control Systems, Royal Institute of Technology, Stockholm, Sweden.
Swedish Defense Research Agency (FOI), Linköping, Sweden.
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Information Systems) ORCID iD: 0000-0001-5962-9995
Industrial Information and Control Systems, Royal Institute of Technology, Stockholm, Sweden.
2014 (English). In: IEEE 18th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations EDOCW 2014: 1-2 September 2014 Ulm, Germany: Proceedings / [ed] Georg Grossmann; Sylvain Hallé; Dimka Karastoyanova; Manfred Reichert; Stefanie Rinderle-Ma, IEEE Computer Society, 2014, p. 357-363. Conference paper, Published paper (Refereed)
Abstract [en]

Analyzing the role of target-related information in a security attack is an understudied topic in the behavioral information security research field. This paper presents an empirical investigation of the effect of adding information about the target in phishing attacks. Data was collected by conducting two phishing experiments using a sample of 158 employees at five Swedish organizations. The first experiment included a traditional mass-email attack with no target-related information, and the second experiment was a targeted phishing attack in which we included specific information related to the targeted employees' organization. The results showed that the number of organizational employees falling victim to phishing significantly increased when target-related information was added in the attack. During the first experiment 5.1 % clicked on the malicious link compared to 27.2 % of the second phishing attack, and 8.9 % of those executed the binary compared to 3.2 % of the traditional phishing attack. Adding target-related information is an effective way for attackers to significantly increase the effectiveness of their phishing attacks. This is the first study that has showed this significant effect using organizational employees as a sample. The implications of the results are further discussed.

Place, publisher, year, edition, pages
IEEE Computer Society, 2014. p. 357-363
Series
International Enterprise Distributed Object Computing Conference (EDOC), ISSN 2325-6583, E-ISSN 2325-6605
Keywords [en]
direct observations, experiments, phishing, security behavior, Social engineering
National Category
Communication Systems
Research subject
Technology; Information Systems
Identifiers
URN: urn:nbn:se:his:diva-10136
DOI: 10.1109/EDOCW.2014.59
ISI: 000411853300050
Scopus ID: 2-s2.0-84919772804
ISBN: 978-1-4799-5470-4 (print)
ISBN: 978-1-4799-5467-4 (electronic)
OAI: oai:DiVA.org:his-10136
DiVA, id: diva2:758536
Conference
1st International Workshop on Compliance, Evolution and Security in Cross-Organizational Processes, Ulm, Germany, September 01-05, 2014; Int'l workshop in the scope of the 18th Int'l IEEE Enterprise Distributed Object Computing Conference (EDOC 2014)
Note

Alt. ISSN: 1541-7719

Available from: 2014-10-27. Created: 2014-10-27. Last updated: 2023-02-20. Bibliographically approved

Open Access in DiVA

No full text in DiVA
