Problem: How can the effectiveness of a phishing attack be quantified and/or measured?
Applications: This project will provide a resource for Idaho National Labs to quantitavely evaluate the effectiveness of their security awareness program in regards to phishing attacks. In turn, it will aid them in hardening the human element of security at the research facility.
Approach: Our approach is to construct a fully functional phishing system where we can craft phishing emails, send emails, and place links that point to our web application. We hope to use this system to conduct an anonymous and non-malicious experiment. This data will assist in the design and implementation of the algorithm that will evaluate the relative effectiveness of a phishing email.
Interim Results: At this point in time we have have started the experimental approval process and developed a functioning phishing system to use in our experiment. We have created the framework in which to construct our algorithm.
Anticipated Results: Next Semester we plan to have a fully functioning phishing email evaluation algorithm. In addition are trying to run a live phishing study at VCU and if it is approved, itwill provide valuable data on the accuracy of our algorithm.https://scholarscompass.vcu.edu/capstone/1027/thumbnail.jp