Got Phished! Role of Top Management Support in Creating Phishing Safe Organizations

In this research, we examine the role of top management involvement in creating phishing awareness in an organization. This study deploys field study experiment with phishing deception. The study was carried out in two phases – phase 1 involved training the employee-participants of a Midwestern US University randomly using two different phishing awareness training videos – one showcasing chancellor of a Midwestern University, and another one showcasing a newly hired IT officer. Phase 2 involved three phishing attacks with varying regarding the degree of sophistication (or social engineering). The results show that there is a significant positive impact of perceived top management involvement in creating phishing awareness and preventing employees from getting phished. The paper concludes by discussing theoretical and managerial implications

A Survey on Phishing Attacks in Cyberspace

Phishing is a type of cyber attack in which cybercriminals use various advanced techniques to deceive people, such as creating fake webpages or malicious e-mails. The objective of phishing attacks is to gather personal data, money, or personal information from victims illegally. The primary aim of this review is to survey the literature on phishing attacks in cyberspace. It discusses different types of phishing attacks, such as spear phishing, e-mail spoofing, phone phishing, web spoofing, and angler phishing, as well as negative consequences they may cause for people. Phishing is typically carried out through different delivery methods such as e-mail, phone calls, or messaging. Victims of phishing are usually either not sensitive to privacy protection or do not have enough knowledge about social engineering attacks to know they are at risk. In addition, this paper introduces different methods for detecting phishing attacks. The last section discusses certain limitations of existing studies on phishing detection and potential future researc

Model for phishing websites classification using artificial neural network

Internet users might be exposed to various forms of threats that can create economic harm, identity fraud, and lack of faith in e-commerce and online banking by consumers as the internet has become a necessary part of everyday activities. Phishing can be regarded as a type of web extortions described as the skill of imitating an honest company's website aimed at obtaining private information for example usernames, passwords, and bank information. The accuracy of classification is very significant in order to produce high accuracy results and least error rate in classification of phishing websites. The objective of this research is to model a suitable neural network classifier and then use the model to class the phishing website data set and evaluate the performance of the classifier. This research will use a phishing website data set which was retrieved from UCI repository and will be experimented using Encog Workbench tool. The main expected outcome from this study is the preliminary ANN classifier which classifies the target class of the phishing websites data set accurately, either phishy, suspicious or legitimate ones. The results indicate that ANN (9-5-1) model outperforms other models by achieving the highest accuracy and the least MSE value which is 0.04745

Model Klasifikasi Untuk Deteksi Situs Phising Di Indonesia

Penelitian ini mengusulkan sebuah model klasifikasi yang dapat digunakan untuk mendeteksi situs phising di Indonesia (berbahasa Indonesia, berserver di Indonesia atau sering digunakan oleh pengguna internet dari Indonesia) secara akurat. Teknik deteksi yang diusulkan berdasarkan analisis situs menggunakan pendekatan berbasis fitur konten dan URL. Model klasifikasi ini mengkombinasikan beberapa fitur unik dari penelitian sebelumnya dan fitur baru berbasis konten dan URL untuk meningkatkan kinerja deteksi agar mampu mengungguli model klasifikasi pada penelitian sebelumnya. Dataset yang digunakan dalam penelitian ini kurang lebih terdiri dari 340 situs phising dan 340 situs non-phising. Selain itu, pada model klasifikasi yang diusulkan dibuat sebuah web crawler berbasis PHP dan API (Application Programming Interface) untuk mengekstraksi fitur pada penelitian ini, sehingga memudahkan peneliti dalam pengolahan data menggunakan software Weka. Penelitian ini menggunakan 4 algoritma berbeda antara lain SMO (Sequential Minimal Optimization), Naive Bayes, Bagging dan Multilayer Perceptron. Hasilnya, SMO, Naive Bayes, Bagging dan Multilayer Perceptron memiliki akurasi kurang lebih 95,88%, 96,91%, 97,35% dan 96,91%. Dimana algoritma dengan akurasi terbaik yaitu Bagging akan digunakan dalam model klasifikasi ini untuk dibandingkan dengan model klasifikasi pada penelitian sebelumnya menggunakan dataset yang sama. Hasilnya, akurasi dari model klasifikasi pada penelitian ini mengungguli akurasi dari model klasifikasi pada penelitian sebelumnya. Model klasifikasi pada penelitian ini unggul 16,76% terhadap model klasifikasi pada penelitian sebelumnya yang mana hanya menghasilkan akurasi 80,59%. ================================================================================================ This research proposed a classification model that can be used to detect phishing website in Indonesia (using Bahasa Indonesia, hosted in Indonesia or frequently accessed by Internet users from Indonesia) accurately. The proposed detection technique based on website analysis using the URL and content feature based approach. This classification model combines some unique feature vectors of previous research and new feature vector based on URL and content approach to improve detection performance to be able to outperform classification model in previous research. Dataset used in this research consisted of approximately 340 authentic websites and 340 phishing websites. Moreover, in the proposed classification model created a web crawler based on PHP and API (Application Programming Interface) to extract feature vectors in this research, so it can support researcher in data processing using software Weka. This research uses four different algorithms such as SMO (Sequential Minimal Optimization), Naive Bayes, Bagging and Multilayer Perceptron. The result, SMO, Naive Bayes, Bagging and Multilayer Perceptron have accuracy of approximately 95.88%, 96.91%, 97.35% and 96.91%. Algorithm has the best accuracy is Bagging, it will be used in this classification model to compare with classification model in previous research using same dataset. The result, accuracy of classification model in this research outperformed accuracy of classification model in previous research. The classification model in this research outperform 6.01% against classification model in previous research which only yielded 80.59% accuracy