Benchmarking the Robustness of Phishing Email Detection Systems

2023 | Americas Conference on Information Systems | Citations: 0

Authors: Ampel, Benjamin; Gao, Yang; Hu, James; Samtani, Sagar; Chen, Hsinchun

Abstract: Social engineering attacks are currently the most cited cybersecurity threat to ... Expand

Abstract: Social engineering attacks are currently the most cited cybersecurity threat to organizations. Phishing emails are the most salient form of social engineering attacks. Organizations are increasingly implementing AI-enabled systems to detect phishing emails. However, AI-enabled systems are often susceptible to textual perturbations, where an adversary makes a small change to cause a misclassification. In this study, we sought to identify the performance of prevailing phishing email detection systems (PEDS) against character, word, sentence, and multi-level adversarial text perturbations. Through a principled benchmarking framework, we quantitatively demonstrated the lack of robustness prevailing PEDS have to specific types of text-based adversarial perturbations (e.g., character, word, sentence, multi-level). The results of this study provide new insights into the robustness of AI-based PEDS and highlight the need for organizations to adopt a multi-layered approach to phishing protection. Additionally, organizations can implement our benchmark framework to test their PEDS against adversarial perturbations. Collapse

Topics: artificial intelligence electronic mail email phishing phishing IT security

Methods: word2vec random forest classification naïve bayes literature study pre-trained language model

The Interplay of Information Processing, Mindfulness, and Affective State in Phishing Detection

2023 | International Conference on Information Systems | Citations: 0

Authors: Bera, Debalina; Kim, Dan

Abstract: This study investigates the effect of individuals' information processing modes ... Expand

Abstract: This study investigates the effect of individuals' information processing modes on phishing email detection mechanisms and accuracy. Drawing on the heuristic-systematic model of processing, mindful decision-making, and affect-and-persuasion literature, this study examines the antecedents (i.e., heuristic, systematic processing, general and domain mindfulness, and affective state) and behavioral consequences (i.e., detection accuracy) in phishing identification. Using a scenario-based survey experiment this study shows mindfulness and affectivity navigate information processing mechanisms, thus influence phishing detection accuracy. It aims to contribute to information security literature by examining novel associations between general, domain mindfulness and its effect on online users' information processing strategy and phishing detection accuracy. Furthermore, this study contributes to phishing training and awareness by identifying the function of cognitive-affective (affective states, trait mindfulness) and cognitive-behavioral (domain mindfulness) factors on the choice of information processing modes and phishing detection accuracy. Finally, the affective states might help improve the efficacy of automatic filters. Collapse

Topics: phishing mindfulness electronic mail email phishing data security

Methods: experiment survey partial least squares regression machine learning laboratory experiment

Theories: protection motivation theory

Towards a thematic dimensional framework of online fraud: An exploration of fraudulent email attack tactics and intentions

2023 | Decision Support Systems | Citations: 1

Authors: Bera, Debalina; Ogbanufe, Obi; Kim, Dan J.

Abstract: Despite anti-phishing filters, social engineering-based cyber-attacks still resu ... Expand

Abstract: Despite anti-phishing filters, social engineering-based cyber-attacks still result in billions of dollars lost annually, significant personal identity theft, loss of corporate secrets, and espionage. We review the phishing literature on psychological attacks and design tactics employed for deception by attackers. The result reveals the need to continuously identify tactics embedded in fraudulent email content to understand why users still fall prey to phishing attacks. Using the literature as a backdrop, we identify and conceptualize a thematic dimensional framework of fraudulent phishing attacks. This study uses benchmark datasets of fraudulent email to empirically validate the proposed dimensional framework. Specifically, a combination of machine learning-based content analysis and topic modeling found a majority of the discovered topics were labeled against the proposed di­ mensions. Statistical analysis was employed to provide empirical evidence of the thematic dimensions of fraudulent email attacks. This study thus, not only extends the cybersecurity literature by identifying and vali­ dating eight dimensions that enrich our understanding of phishing and attack identification but stimulates cu­ mulative research endeavors to develop yet more comprehensive dimensional frameworks of phishing email attacks. Collapse

Topics: phishing email phishing electronic mail email spam personalization

Methods: term frequency–inverse document frequency natural language processing topic model discriminant analysis literature study

How “What you think you know about cybersecurity” can help users make more secure decisions

2023 | Information & Management | Citations: 0

Authors: Fard Bahreini, Amir; Cavusoglu, Hasan; Cenfetelli, Ronald T.

Abstract: The increasing use of information technology artifacts in daily life makes secur ... Expand

Abstract: The increasing use of information technology artifacts in daily life makes security a shared responsibility of both users and companies. In recent years, increasing a user’s objective (i.e., actual) security knowledge and providing applications with more secure default settings appear among the most ubiquitous tools companies use to broaden their efforts to help users make more secure decisions. Examining both solutions matters because they are widely used, cost effective, and understood by many security practitioners. Additionally, default settings and users’ objective knowledge provide anchors for decision-making. However, human errors and insecure default settings are increasing and raising further questions about the efficacy of such efforts. Using the theory of bounded ra­ tionality, we investigated the role of objective, subjective (i.e., self-assessed) security knowledge, and default settings security level on the overall decision security. We found that objective security knowledge can lead to secure decisions when paired with high subjective security knowledge. In the absence of the latter, objective security knowledge is unable to lead to better security decisions. Furthermore, subjective security knowledge reduces the extent to which users fully accept default security settings, thereby mitigating bias toward insecure default settings. Collapse

Topics: mobile application data security decision making self efficacy mobile application market

Methods: survey descriptive statistic structural equation modeling literature study post-hoc analysis

Theories: theory of bounded rationality

Managing Organizational Cyber Security – The Distinct Role of Internalized Responsibility

2023 | HICSS | Citations: 0

Authors: Faltermaier, Stefan; Strunk, Kim; Obermeier, Michaela; Fiedler, Marina

Abstract: Desirable user behavior is key to cyber security in organizations. However, a co ... Expand

Abstract: Desirable user behavior is key to cyber security in organizations. However, a comprehensive overview on how to manage user behavior effectively, in order to support organizational cyber security, is missing. Building on extant research to identify central components of organizational cyber security management and on a qualitative analysis based on 20 semi-structured interviews with users and IT-Managers of a European university, we present an integrated model on this issue. We contribute to understanding the interrelations of namely user awareness, user IT-capabilities, organizational IT, user behavior, and especially internalized responsibility and relation to organizational cyber security. Collapse

Topics: IT security user behavior information technology capability IT security defense password

Methods: qualitative interview personal interview qualitative coding grounded theory case study

Unraveling the behavioral influence of social media on phishing susceptibility: A Personality-Habit-Information Processing model

2023 | Information & Management | Citations: 0

Authors: Frauenstein, Edwin Donald; Flowerday, Stephen; Mishi, Syden; Warkentin, Merrill

Abstract: Frequent and habitual engagement with social media can reinforce certain activit ... Expand

Abstract: Frequent and habitual engagement with social media can reinforce certain activities such as sharing, clicking hyperlinks, and liking, which may be performed with insufficient cognition. In this study, we aimed to examine the associations between personality traits, habits, and information processing to identify social media users who are susceptible to phishing attacks. Our experimental data consisted of 215 social media users. The results revealed two important findings. First, users who scored high on the personality traits of extraversion, agree­ ableness, and neuroticism were more likely to engage in habitual behaviors that increase their susceptibility to phishing attacks, whereas those who scored high on conscientiousness were less likely. Second, users who habitually react to social media posts were more likely to apply heuristic processing, making them more sus­ ceptible to phishing attacks than those who applied systematic processing. Collapse

Topics: phishing Facebook personality social media electronic mail

Methods: survey structural equation modeling survey design theory development self reported survey

Theories: big five model Maslow motivation theory uses and gratifications theory technology acceptance model theory of planned behavior

Cyber threat detection: Unsupervised hunting of anomalous commands (UHAC)

2023 | Decision Support Systems | Citations: 0

Authors: Kayhan, Varol O.; Agrawal, Manish; Shivendu, Shivendu

Abstract: The cyber security industry is rapidly adopting threat hunting as a proactive to ... Expand

Abstract: The cyber security industry is rapidly adopting threat hunting as a proactive tool for early and faster detection of suspected malicious actors. In this paper, we propose a machine learning-based method, Unsupervised Hunting of Anomalous Commands (UHAC), to detect text-based anomalous commands in security information and event management (SIEM) logs that are good candidates for threat hunting. A unique feature of the proposed method is that it first creates a feature set based on the augmentation of document-term and document-character matrices. Then, an autoencoder-based detector is trained on this feature set using a custom loss function. UHAC consis­ tently outperforms other feature sets and algorithms such as one-class support vector machine, density-based spatial clustering of applications with noise, and word-embedding based models such as word2vec. The UHAC detector identifies 84–89% of anomalies in the top 10% of the data. Findings have implications for cybersecurity analysts who perform threat hunting in SIEM logs for process auditing on endpoint devices. Collapse

Topics: IT security artificial intelligence Python decision support system email phishing

Methods: autoencoder data transformation DBSCAN anomaly detection machine learning

The effects of knowledge mechanisms on employees' information security threat construal

2023 | Information Systems Journal | Citations: 1

Authors: Mady, Ashraf; Gupta, Saurabh; Warkentin, Merrill

Abstract: Organisations implement a variety of knowledge mechanisms such as information se ... Expand

Abstract: Organisations implement a variety of knowledge mechanisms such as information security education, training and awareness (SETA) programs and information security policies, to influence employees' secure behaviour. Despite increased efforts to provide information systems (IS) security knowledge to employees, data breaches and other security incidents resulting from insider behaviour continue. Recent IS security research, primarily grounded on assumptions of employees' rational assessment of numerous factors, has yielded inconsistent results. Challenging this paradigm, we model secure behaviour on security knowledge mechanisms, which focuses on the multidimensional nature of security knowledge breadth, depth and finesse to represent the full array of managerial levers. We further draw on construal level theory to conceptualise users' perceptual judgements of security messages. Two studies support our model, with the second building on the first. Study 1, an experiment with 312 participants, focused on validating the treatments. Study 2, a survey with 219 participants, validated the entire model. Results showed that our model has significantly more explanatory and predictive power than the orthodox paradigm. Our results have practical implications for optimising the organisation of knowledge mechanisms by emphasising the personal relevance of threats and defining the factors that lead to secure behaviour. We also contribute to the discourse on information security research and provide a template for integrating theories, thus opening new avenues for future research. Collapse

Topics: data security email phishing security policy IT security task complexity

Methods: survey experiment Student's t-test parametric test survey design

Theories: construal level theory security compliance theory

Learning not to take the bait: a longitudinal examination of digital training methods and overlearning on phishing susceptibility

2023 | European Journal of Information Systems | Citations: 0

Authors: Nguyen, Christopher; Jensen, Matthew; Day, Eric

Abstract: As phishing becomes increasingly sophisticated and costly, interventions that im ... Expand

Abstract: As phishing becomes increasingly sophisticated and costly, interventions that improve and prolong resistance to attacks are needed. Previous research supported digital training as a method to reduce phishing susceptibility. However, the effects of training degrade with time. Therefore, we investigate overlearning as an approach that may increase skill retention through repetition and developing automaticity. We performed a longitudinal experiment crossing overlearning with anti-phishing digital training (rule-based, mindfulness, and control). Participants were tested using email identification tests (immediately following and 10 weeks after training) and mock phishing messages delivered to their inboxes (1 week and 8 weeks following training). Results showed that compared to rule-based training, mindfulness training resulted in significantly greater retention in terms of better email discrimination and less susceptibility to phishing attacks but similar levels of caution towards phishing after 2 months. Overlearning resulted in significantly less susceptibility to phishing attacks and more caution towards phishing compared to no overlearning but did not impact the digital training approaches. Even so, mindfulness was more beneficial compared to overlearning. Altogether, the results demonstrate the stability of the benefits of mindfulness training over time in terms of mitigating phishing susceptibility without influencing the chances of missing legitimate emails. Collapse

Topics: phishing electronic mail mindfulness email phishing self efficacy

Methods: survey longitudinal research experiment survey design longitudinal experiment

Theories: signal detection theory big five model

A Social Engineering Research Partnership in Higher Education to Improve Information Security Education, Training, and Awareness (SETA) Programs

2023 | Americas Conference on Information Systems | Citations: 0

Authors: Nwankpa, Joseph; Shan, (Jay) Zhe; Merhout, Jeffrey; Benamati, John; Weese, Maria

Abstract: The education sector continues to be challenged by phishing attacks. A simulati ... Expand

Abstract: The education sector continues to be challenged by phishing attacks. A simulation study of phishing response behavior across four industries found that the education sector had the highest number of employees opening and clicking a phishing email. Understanding the factors contributing to the high phishing susceptibility within the education sector would help develop more comprehensive information security education, training, and awareness (SETA) programs. This would allow universities to become better protected from attempts at using social engineering to gain access to sensitive personal and university data. However, despite the increased levels of phishing attacks within educational institutions, limited research has systematically examined how conditions unique to the sector can influence user engagement and phishing susceptibility. Against this backdrop, our research collaborates with the IT department of a large public university to examine how certain attributes within educational institutions influence phishing susceptibility. Collapse

Topics: phishing email phishing electronic mail process mining

Methods: computational algorithm design science chi squared test archival research simulation