Anti-Phishing Awareness Delivery Methods

Authors

  • A. Darem, Computer Science Department, Northern Border University, Saudi Arabia
Volume: 11 | Issue: 6 | Pages: 7944-7949 | December 2021 | https://doi.org/10.48084/etasr.4600

Abstract

Phishing attacks are increasingly exploited by cybercriminals; they are becoming more sophisticated and evade detection even by advanced technical countermeasures. With cybercriminals resorting to more sophisticated phishing techniques, strategies, and different channels such as social networks, phishing is becoming a hard problem to solve. Therefore, the main objective of any anti-phishing solution is to minimize phishing success and its consequences through means that complement advanced technical countermeasures. Specifically, phishing threats cannot be controlled by technical controls alone; thus it is imperative to complement cybersecurity programs with cybersecurity awareness programs to successfully fight phishing attacks. This paper provides a review of the delivery methods of cybersecurity training programs used to enhance personnel security awareness and behavior in terms of phishing threats. Although there is a wide variety of educational intervention methods against phishing, the differences between the cybersecurity awareness delivery methods are not always clear. To this end, we present a review of the most common workforce cybersecurity training methods, which are intended to enable personnel to protect themselves from phishing threats.

Keywords:

phishing, anti-phishing awareness, phishing attack, awareness delivery methods, cybersecurity threats

How to Cite

A. Darem, “Anti-Phishing Awareness Delivery Methods”, Eng. Technol. Appl. Sci. Res., vol. 11, no. 6, pp. 7944–7949, Dec. 2021.
