Shadrack Awah Buo

DOI: https://doi.org/10.48550/arXiv.2011.11112

2020-11-24

Abstract:This paper introduces Business Email Compromise (BEC) and why it is becoming a major issue to businesses worldwide. It also presents a case study of a BEC incident against Unatrac Holding Ltd and analyses the techniques used by the cybercriminals to defraud the company. A critical analysis of the psychological and sociotechnical impacts of BEC to both the company and employees are conducted, and potential risk mitigations strategies and recommendations are provided to prevent future attacks.

Computers and Society

Anastasios Papathanasiou,George Liontos,Georgios Paparis,Vasiliki Liagkou,Euripides Glavas

DOI: https://doi.org/10.3390/s24051676

IF: 3.9

2024-03-06

Sensors

Abstract:In an era of ever-evolving and increasingly sophisticated cyber threats, protecting sensitive information from cyberattacks such as business email compromise (BEC) attacks has become a top priority for individuals and enterprises. Existing methods used to counteract the risks linked to BEC attacks frequently prove ineffective because of the continuous development and evolution of these malicious schemes. This research introduces a novel methodology for safeguarding against BEC attacks called the BEC Defender. The methodology implemented in this paper augments the authentication mechanisms within business emails by employing a multi-layered validation process, which includes a MAC address as an identity token, QR code generation, and the integration of timestamps as unique identifiers. The BEC-Defender algorithm was implemented and evaluated in a laboratory environment, exhibiting promising results against BEC attacks by adding an extra layer of authentication.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Maria Bada,Jason R. C. Nurse

DOI: https://doi.org/10.48550/arXiv.2308.15948

2023-08-30

Cryptography and Security

Abstract:While modern society benefits from a range of technological advancements, it also is exposed to an ever-increasing set of cybersecurity threats. These affect all areas of life including business, government, and individuals. To complement technology solutions to this problem, it is crucial to understand more about cybercriminal perpetrators themselves, their use of technology, psychological aspects, and profiles. This is a topic that has received little socio-technical research emphasis in the technology community, has few concrete research findings, and is thus a prime area for development. The aim of this article is to explore cybercriminal activities and behavior from a psychology and human aspects perspective, through a series of notable case studies. We examine motivations, psychological and other interdisciplinary concepts as they may impact/influence cybercriminal activities. We expect this paper to be of value and particularly insightful for those studying technology, psychology, and criminology, with a focus on cybersecurity and cybercrime.

Jan Brabec,Filip Šrajer,Radek Starosta,Tomáš Sixta,Marc Dupont,Miloš Lenoch,Jiří Menšík,Florian Becker,Jakub Boros,Tomáš Pop,Pavel Novák

2023-08-21

Abstract:The growing sophistication of Business Email Compromise (BEC) and spear phishing attacks poses significant challenges to organizations worldwide. The techniques featured in traditional spam and phishing detection are insufficient due to the tailored nature of modern BEC attacks as they often blend in with the regular benign traffic. Recent advances in machine learning, particularly in Natural Language Understanding (NLU), offer a promising avenue for combating such attacks but in a practical system, due to limitations such as data availability, operational costs, verdict explainability requirements or a need to robustly evolve the system, it is essential to combine multiple approaches together. We present CAPE, a comprehensive and efficient system for BEC detection that has been proven in a production environment for a period of over two years. Rather than being a single model, CAPE is a system that combines independent ML models and algorithms detecting BEC-related behaviors across various email modalities such as text, images, metadata and the email's communication context. This decomposition makes CAPE's verdicts naturally explainable. In the paper, we describe the design principles and constraints behind its architecture, as well as the challenges of model design, evaluation and adapting the system continuously through a Bayesian approach that combines limited data with domain knowledge. Furthermore, we elaborate on several specific behavioral detectors, such as those based on Transformer neural architectures.

Cryptography and Security,Machine Learning

Maria Bada,Jason R. C. Nurse

DOI: https://doi.org/10.48550/arXiv.1909.13256

2019-09-29

Computers and Society

Abstract:Cyber-attacks have become as commonplace as the Internet itself. Each year, industry reports, media outlets and academic articles highlight this increased prevalence, spanning both the amount and variety of attacks and cybercrimes. In this article, we seek to further advance discussions on cyber threats, cognitive vulnerabilities and cyberpsychology through a critical reflection on the social and psychological aspects related to cyber-attacks. In particular, we are interested in understanding how members of the public perceive and engage with risk and how they are impacted during and after a cyber-attack has occurred. This research focuses on key cognitive issues relevant to comprehending public reactions to malicious cyber events including risk perception, protection motivation, culture, and attacker characteristics (e.g., attacker identity, target identity and scale of attack). To consider the applicability of our findings, we investigate two significant cyber-attacks over the last few years, namely the WannaCry attack of 2017 and the Lloyds Banking Group attack in the same year.

Rajasekhar Chaganti,Bharat Bhushan,Anand Nayyar,Azrour Mourade

DOI: https://doi.org/10.48550/arXiv.2110.06487

2021-10-13

Computers and Society

Abstract:Social engineering scams (SES) has been existed since the adoption of the telecommunications by humankind. An earlier version of the scams include leveraging premium phone service to charge the consumers and service providers but not limited to. There are variety of techniques being considered to scam the people due to the advancements in digital data access capabilities and Internet technology. A lot of research has been done to identify the scammer methodologies and characteristics of the scams. However, the scammers finding new ways to lure the consumers and stealing their financial assets. An example would be a recent circumstance of Covid-19 unemployment, which was used as a weapon to scam the US citizens. These scams will not be stopping here, and will keep appearing with new social engineering strategies in the near future. So, to better prepare these kind of scams in ever-changing world, we describe the recent trends of various social engineering scams targeting the innocent people all over the world, who oversight the consequences of scams,and also give detailed description of recent social engineering scams including Covid scams. The social engineering scan threat model architecture is also proposed to map various scams. In addition, we discuss the case study of real-time gift card scam targeting various enterprise organization customers to steal their money and put the organization reputation in stake. We also provide recommendations to internet users for not falling a victim of social engineering scams. In the end, we provide insights on how to prepare/respond to the social engineering scams by following the security incident detection and response life cycle in enterprises

Sarah Wassermann,Maxime Meyer,Sébastien Goutal,Damien Riquet

2023-09-25

Abstract:In today's digital world, cybercrime is responsible for significant damage to organizations, including financial losses, operational disruptions, or intellectual property theft. Cyberattacks often start with an email, the major means of corporate communication. Some rare, severely damaging email threats - known as spear phishing or Business Email Compromise - have emerged. However, the literature disagrees on their definition, impeding security vendors and researchers from mitigating targeted attacks. Therefore, we introduce targeted attacks. We describe targeted-attack-detection techniques as well as social-engineering methods used by fraudsters. Additionally, we present text-based attacks - with textual content as malicious payload - and compare non-targeted and targeted variants.

Cryptography and Security

Sijie Zhuo,Robert Biddle,Jared Daniel Recomendable,Giovanni Russello,Danielle Lottridge

DOI: https://doi.org/10.1145/3688459.3688465

2024-09-12

Abstract:Phishing emails typically masquerade themselves as reputable identities to trick people into providing sensitive information and credentials. Despite advancements in cybersecurity, attackers continuously adapt, posing ongoing threats to individuals and organisations. While email users are the last line of defence, they are not always well-prepared to detect phishing emails. This study examines how workload affects susceptibility to phishing, using eye-tracking technology to observe participants' reading patterns and interactions with tailored phishing emails. Incorporating both quantitative and qualitative analysis, we investigate users' attention to two phishing indicators, email sender and hyperlink URLs, and their reasons for assessing the trustworthiness of emails and falling for phishing emails. Our results provide concrete evidence that attention to the email sender can reduce phishing susceptibility. While we found no evidence that attention to the actual URL in the browser influences phishing detection, attention to the text masking links can increase phishing susceptibility. We also highlight how email relevance, familiarity, and visual presentation impact first impressions of email trustworthiness and phishing susceptibility.

Human-Computer Interaction,Cryptography and Security

Theodore Longtchi,Shouhuai Xu

2024-08-21

Abstract:The landscape of malicious emails and cyber social engineering attacks in general are constantly evolving. In order to design effective defenses against these attacks, we must deeply understand the Psychological Tactics, PTacs, and Psychological Techniques, PTechs, that are exploited by these attacks. In this paper we present a methodology for characterizing the evolution of PTacs and PTechs exploited by malicious emails. As a case study, we apply the methodology to a real-world dataset. This leads to a number insights, such as which PTacs or PTechs are more often exploited than others. These insights shed light on directions for future research towards designing psychologically-principled solutions to effectively counter malicious emails.

Cryptography and Security

Ziad M Hakim,Natalie C Ebner,Daniela S Oliveira,Sarah J Getz,Bonnie E Levin,Tian Lin,Kaitlin Lloyd,Vicky T Lai,Matthew D Grilli,Robert C Wilson

DOI: https://doi.org/10.3758/s13428-020-01495-0

Abstract:Phishing emails constitute a major problem, linked to fraud and exploitation as well as subsequent negative health outcomes including depression and suicide. Because of their sheer volume, and because phishing emails are designed to deceive, purely technological solutions can only go so far, leaving human judgment as the last line of defense. However, because it is difficult to phish people in the lab, little is known about the cognitive and neural mechanisms underlying phishing susceptibility. There is therefore a critical need to develop an ecologically valid lab-based measure of phishing susceptibility that will allow evaluation of the cognitive mechanisms involved in phishing detection. Here we present such a measure based on a task, the Phishing Email Suspicion Test (PEST), and a cognitive model to quantify behavior. In PEST, participants rate a series of phishing and non-phishing emails according to their level of suspicion. By comparing suspicion scores for each email to its real-world efficacy, we find initial support for the ecological validity of PEST - phishing emails that were more effective in the real world were more effective at deceiving people in the lab. In the proposed computational model, we quantify behavior in terms of participants' overall level of suspicion of emails, their ability to distinguish phishing from non-phishing emails, and the extent to which emails from the recent past bias their current decision. Together, our task and model provide a framework for studying the cognitive neuroscience of phishing detection.

Theodore Longtchi,Shouhuai Xu

2024-08-21

Abstract:Cyber attacks, including cyber social engineering attacks, such as malicious emails, are always evolving with time. Thus, it is important to understand their evolution. In this paper we characterize the evolution of malicious emails through the lens of Psychological Factors, PFs, which are humans psychological attributes that can be exploited by malicious emails. That is, attackers who send them. For this purpose, we propose a methodology and apply it to conduct a case study on 1,260 malicious emails over a span of 21 years, 2004 to 2024. Our findings include attackers have been constantly seeking to exploit many PFs, especially the ones that reflect human traits. Attackers have been increasingly exploiting 9 PFs and mostly in an implicit or stealthy fashion. Some PFs are often exploited together. These insights shed light on how to design future defenses against malicious emails.

Cryptography and Security

Yan Ge,Li Lu,Xinyue Cui,Zhe Chen,Weina Qu

DOI: https://doi.org/10.1016/j.apergo.2021.103526

IF: 3.94

2021-11-01

Applied Ergonomics

Abstract:<p>In the phishing email literature, recent researchers have given much attention to individual differences in phishing susceptibility from the perspective of the Big Five personality traits. Although the effectiveness and advantages of the phishing susceptibility measures in the signal detection theory (SDT) framework have been verified, the cognitive mechanisms that lead to individual differences in these measures remain unknown. The current study proposed and examined a theoretical path model to explore how the Big Five personality traits, related knowledge and experience and the cognitive processing of emails (i.e., mail elaboration) influence users' susceptibility to phishing emails. A sample of 414 Chinese participants completed the 44-item Big Five Personality Inventory (BFI-44), Mail Elaboration Scale (MES), Web Experience Questionnaire, Experience with Electronic Mail Scale, Knowledge and Technical Background Test and a demographic questionnaire. The phishing susceptibility measures were calculated after the participants finished an email legitimacy task in a role-playing scenario. The results showed that the general profile of the "victim personality" included low conscientiousness, low openness and high neuroticism, and Internet experience and computer and web knowledge played an important role. All of these factors have significant indirect effects on phishing susceptibility by influencing mail elaboration. Moreover, the probabilities of checking for further information or deleting the email reflect the sensitivity of email judgment. These findings reveal the mediating role of cognitive processing between individual factors and phishing susceptibility. The theoretical implications of this study for the phishing susceptibility literature and its applications to phishing risk interventions or training programs are discussed.</p>

engineering, industrial,ergonomics,psychology, applied

Rosana Montanez Rodriguez,Edward Golob,Shouhuai Xu

DOI: https://doi.org/10.48550/arXiv.2007.04932

2020-07-10

Abstract:Social engineering cyberattacks are a major threat because they often prelude sophisticated and devastating cyberattacks. Social engineering cyberattacks are a kind of psychological attack that exploits weaknesses in human cognitive functions. Adequate defense against social engineering cyberattacks requires a deeper understanding of what aspects of human cognition are exploited by these cyberattacks, why humans are susceptible to these cyberattacks, and how we can minimize or at least mitigate their damage. These questions have received some amount of attention but the state-of-the-art understanding is superficial and scattered in the literature. In this paper, we review human cognition through the lens of social engineering cyberattacks. Then, we propose an extended framework of human cognitive functions to accommodate social engineering cyberattacks. We cast existing studies on various aspects of social engineering cyberattacks into the extended framework, while drawing a number of insights that represent the current understanding and shed light on future research directions. The extended framework might inspire future research endeavors towards a new sub-field that can be called Cybersecurity Cognitive Psychology, which tailors or adapts principles of Cognitive Psychology to the cybersecurity domain while embracing new notions and concepts that are unique to the cybersecurity domain.

Cryptography and Security

Marshall S. Rich

DOI: https://doi.org/10.3390/analytics2030035

2023-08-11

Analytics

Abstract:The rapid proliferation of cyberthreats necessitates a robust understanding of their evolution and associated tactics, as found in this study. A longitudinal analysis of these threats was conducted, utilizing a six-year data set obtained from a deception network, which emphasized its significance in the study’s primary aim: the exhaustive exploration of the tactics and strategies utilized by cybercriminals and how these tactics and techniques evolved in sophistication and target specificity over time. Different cyberattack instances were dissected and interpreted, with the patterns behind target selection shown. The focus was on unveiling patterns behind target selection and highlighting recurring techniques and emerging trends. The study’s methodological design incorporated data preprocessing, exploratory data analysis, clustering and anomaly detection, temporal analysis, and cross-referencing. The validation process underscored the reliability and robustness of the findings, providing evidence of increasingly sophisticated, targeted cyberattacks. The work identified three distinct network traffic behavior clusters and temporal attack patterns. A validated scoring mechanism provided a benchmark for network anomalies, applicable for predictive analysis and facilitating comparative study of network behaviors. This benchmarking aids organizations in proactively identifying and responding to potential threats. The study significantly contributed to the cybersecurity discourse, offering insights that could guide the development of more effective defense strategies. The need for further investigation into the nature of detected anomalies was acknowledged, advocating for continuous research and proactive defense strategies in the face of the constantly evolving landscape of cyberthreats.

Theodore Tangie Longtchi,Rosana Montañez Rodriguez,Laith Al-Shawaf,Adham Atyabi,Shouhuai Xu

DOI: https://doi.org/10.1109/jproc.2024.3379855

IF: 20.6

2024-05-03

Proceedings of the IEEE

Abstract:Internet-based social engineering (SE) attacks are a major cyber threat. These attacks often serve as the first step in a sophisticated sequence of attacks that target, among other things, victims' credentials and can cause financial losses. The problem has received mounting attention in recent years, with many publications proposing defenses against SE attacks. Despite this, the situation has not improved. In this article, we aim to understand and explain this phenomenon by investigating the root cause of the problem. To this end, we examine Internet-based SE attacks and defenses through a unique lens based on psychological factors (PFs) and psychological techniques (PTs). We find that there is a key discrepancy between attacks and defenses: SE attacks have deliberately exploited 46 PFs and 16 PTs in total, but existing defenses have only leveraged 16 PFs and seven PTs in total. This discrepancy may explain why existing defenses have achieved limited success and prompt us to propose a systematic roadmap for future research.

engineering, electrical & electronic

Hanah-Marie Darley

DOI: https://doi.org/10.69554/jqhh7665

2023-03-01

Abstract:The greatest cyber threat to an organisation may be opposite to what its own security team assesses, a challenge that commonly arises from the impact of cognitive biases. At every turn, cognitive biases can distract and derail cyber security teams and their strategies away from the key risks and threats likely to catastrophically damage their network environments, in favour of new headline-making attack techniques or vulnerabilities which may never be used against their organisation. Focusing on psychological analysis within cyber security contexts including macro and micro examples from the international cyber community and Darktrace’s own customer base, this paper explores the dramatic impact cognitive biases can have on cyber security professionals, cyber strategies and decision making if left unchecked. Statistically, persistent, widely available, lower-sophistication malware and run-of-the-mill phishing campaigns remain a greater global risk to corporations than the newest, most devious exploit kit or ransomware. This paper examines multiple contextual examples of how cognitive biases negatively affect and influence cyber security teams from their security stack, the greatest threats to their networks and digital estates, understanding an attacker’s mindset and selecting technical experts to guide their programmes. Understanding these biases and identifying their role in cyber decision making is the only way to protect organisations from succumbing to biases and likely misdirecting already stretched security resources.

Xin Wen,Liang Xu,Jie Wang,Yuan Gao,Jiaming Shi,Ke Zhao,Fuyang Tao,Xiuying Qian

DOI: https://doi.org/10.3390/ijerph19148294

IF: 4.614

2022-07-07

International Journal of Environmental Research and Public Health

Abstract:The internet's convenience and anonymity have facilitated different types of covert fraud, resulting in economic, mental, and social harm to victims. Understanding why people are deceived and implementing appropriate interventions is critical for fraud reduction. Based on the Bayesian brain theory, individuals' mental states may be a key point in scam compliance and warning compliance. Fraud victims with different mental states may construct various hypotheses and explanations about the fraud they are exposed to, causing different cognition and behavior patterns. Therefore, we first conducted a semi-structured in-depth interview with online fraud victims to investigate the individual and social factors that affect victims' mental states. Grounded theory analysis showed five core factors influencing scam compliance: psychological traits, empirical factors, motivation, cognitive biases, and emotional imbalance. Based on our findings of psychological processes and deception's influential factors, we then designed warnings to inform victims of fraud, particularly for those involving novel types of scams. Tested on a real-life setting, our designed warnings effectively enhanced warning compliance, allowing more fraud victims to avoid financial losses.

public, environmental & occupational health,environmental sciences

Abdulbasit A. Darem,Tareq M. Alkhaldi,Muteeb Alahmari,Asma A. Alhashmi,Abdullah M. Alashjaee,Sultan M. Alanazi,Shouki A. Ebad

DOI: https://doi.org/10.1080/10447318.2024.2415750

IF: 4.92

2024-10-25

International Journal of Human-Computer Interaction

Abstract:Cyber-attacks have become a serious global cybersecurity issue, affecting sectors such as petroleum, finance, health, and industry. The financial and banking sectors are particularly vulnerable, experiencing disproportionate harm due to the escalating complexity of digital threats. Recent academic efforts have focused on developing countermeasures, but these have primarily concentrated on technical solutions, which alone are insufficient. The persistent success of cyber-attacks highlights the need for a better understanding of human susceptibility to cyber scams. This research addresses the gap by investigating the psychological and social factors that lead individuals to fall for scam emails and links. It also explores how hackers exploit social engineering tactics to target victims and seeks to reverse these tactics to enhance protection. By understanding why people fall for cyber scams, the research aims to develop more effective cybersecurity measures, contributing significantly to the ongoing battle against cyber-attacks.

computer science, cybernetics,ergonomics

Theodore Longtchi,Rosana Montañez Rodriguez,Kora Gwartney,Ekzhin Ear,David P. Azari,Christopher P. Kelley,Shouhuai Xu

2024-08-22

Abstract:Malicious emails including Phishing, Spam, and Scam are one significant class of cyber social engineering attacks. Despite numerous defenses to counter them, the problem remains largely open. The ineffectiveness of current defenses can be attributed to our superficial understanding of the psychological properties that make these attacks successful. This problem motivates us to investigate the psychological sophistication, or sophistication for short, of malicious emails. We propose an innovative framework that accommodates two important and complementary aspects of sophistication, dubbed Psychological Techniques, PTechs, and Psychological Tactics, PTacs. We propose metrics and grading rules for human experts to assess the sophistication of malicious emails via the lens of these PTechs and PTacs. To demonstrate the usefulness of the framework, we conduct a case study based on 1,036 malicious emails assessed by four independent graders. Our results show that malicious emails are psychologically sophisticated, while exhibiting both commonalities and different patterns in terms of their PTechs and PTacs. Results also show that previous studies might have focused on dealing with the less proliferated PTechs such as Persuasion and PTacs such as Reward, rather than the most proliferated PTechs such as Attention Grabbing and Impersonation, and PTacs such as Fit and Form and Familiarity that are identified in this study. We also found among others that social events are widely exploited by attackers in contextualizing their malicious emails. These findings could be leveraged to guide the design of effective defenses against malicious emails.

Cryptography and Security

M. Tariq Banday,Jameel A. Qadri

DOI: https://doi.org/10.48550/arXiv.1112.5732

2011-12-24

Abstract:In today's business environment, it is difficult to imagine a workplace without access to the web, yet a variety of email born viruses, spyware, adware, Trojan horses, phishing attacks, directory harvest attacks, DoS attacks, and other threats combine to attack businesses and customers. This paper is an attempt to review phishing - a constantly growing and evolving threat to Internet based commercial transactions. Various phishing approaches that include vishing, spear phishng, pharming, keyloggers, malware, web Trojans, and others will be discussed. This paper also highlights the latest phishing analysis made by Anti-Phishing Working Group (APWG) and Korean Internet Security Center.

Cryptography and Security