%0 Conference Proceedings
%T Social Engineering and Organisational Dependencies in Phishing Attacks
%+ CSIRO Data61 [Sydney]
%+ University of Technology Sydney (UTS)
%+ Macquarie University
%A Taib, Ronnie
%A Yu, Kun
%A Berkovsky, Shlomo
%A Wiggins, Mark
%A Bayl-Smith, Piers
%Z Part 7: Cyber Security and E-voting Systems
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 17th IFIP Conference on Human-Computer Interaction (INTERACT)
%C Paphos, Cyprus
%Y David Lamas
%Y Fernando Loizides
%Y Lennart Nacke
%Y Helen Petrie
%Y Marco Winckler
%Y Panayiotis Zaphiris
%I Springer International Publishing
%3 Human-Computer Interaction – INTERACT 2019
%V LNCS-11746
%N Part I
%P 564-584
%8 2019-09-02
%D 2019
%R 10.1007/978-3-030-29381-9_35
%K Behavioural study
%K Cybersecurity
%K Phishing
%K Social engineering
%K Simulation
%Z Computer Science [cs]Conference papers
%X Phishing emails are a widespread cybersecurity attack method. Their breadth and depth have been on the rise as they target individuals and organisations with increased sophistication. In particular, social engineering in phishing focuses on human vulnerabilities by exploiting established psychological and behavioural cues to increase the credibility of phishing emails. This work presents the results of a 56,000-participant phishing attack simulation carried out within a multi-national financial organisation. The overarching hypothesis was that strong cultural and contextual factors impact employee vulnerability. Thus, five phishing emails were crafted, based on three of Cialdini’s persuasion principles used in isolation and in combination. Our results showed that Social proof was the most effective attack vector, followed by Authority and Scarcity. Furthermore, we examined these results in the light of a set of demographic and organisational features. Finally, both click-through rates and reporting rates were examined, to provide rich insights to developers of cybersecurity educational solutions.
%G English
%Z TC 13
%2 https://inria.hal.science/hal-02544575/document
%2 https://inria.hal.science/hal-02544575/file/486811_1_En_35_Chapter.pdf
%L hal-02544575
%U https://inria.hal.science/hal-02544575
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC13
%~ IFIP-INTERACT
%~ IFIP-LNCS-11746