4 research outputs found

    Guidelines for Developers and Recommendations for Users to Mitigate Phishing Attacks: An Interdisciplinary Research Approach

    Phishing attacks are common these days. If successful, these attacks cause psychological, emotional, and financial damage to the victims. Such damages may have a long-term impact. The overall objective of this Ph.D. research is to contribute to mitigating phishing victimization risks by exploring phishing prevalence, user-related risk factors, and vulnerable target groups and by designing (1) guidelines for social website developers focused on internet user vulnerabilities and (2) recommendations for users to avoid such attacks. The Ph.D. research acknowledges that phishing attacks are technical in nature, while the impact is financial and psychological. Therefore, an interdisciplinary research approach focusing on empirical research methods from social sciences (i.e., focus groups and surveys) and computer science (i.e., data-driven techniques such as machine learning) is adopted for the research. In particular, we aim to use a machine learning model for data analytics and quantitative and qualitative research design for psychological analysis. The research outcome of this Ph.D. work is expected to provide recommendations for internet users and organizations developing social-media-based software systems through more phishing-aware development practices.

    A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks

    Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.

    A Demographic Analysis to Determine User Vulnerability among Several Categories of Phishing Attacks.

    Phishing attacks have been on a meteoric rise in the last number of years, with 2016 seeing a 65% increase. The attacks range from targeting individuals with personalised messages to spam attacks from bot accounts. With the chances of being targeted by a phishing attack increasing, it is important to identify who is most at risk in order to help alleviate this threat. The aim of this study is to examine members from several demographics and their vulnerability to three types of phishing using data collected from a survey (n = 198). The survey tested the participant’s ability to recognise spoofed phishing emails, SMS phishing (Smishing) and content spoofing attacks. The respondents were presented with questions in the form of screenshots using real world phishing examples. Their answers were collected which recorded whether they got each question correct or incorrect. The data collected was analysed using a two sample t-test or one-way Anova depending on the number of categories per demographic. This study addressed demographic vulnerability to different types of phishing and highlighted who is most at risk. The results of the research revealed that gender and income did not play a part in a participant’s vulnerability to phishing when analysing their total scores across each type of phishing. However, age, education and occupation presented statistically significant results to indicate they do