Rajivan Prashanth, Gonzalez Cleotilde
Dynamic Decision Making Laboratory, Social and Decision Sciences, Carnegie Mellon University, Pittsburgh, PA, United States.
Front Psychol. 2018 Feb 21;9:135. doi: 10.3389/fpsyg.2018.00135. eCollection 2018.
The success of phishing attacks depends on effective exploitation of human weaknesses. This research explores a largely ignored but crucial aspect of phishing: the adversarial behavior. We aim to understand the human behaviors and strategies that adversaries use, and how these may determine the end-user response to phishing emails. We accomplish this through a novel experiment paradigm involving two phases. In the adversarial phase, 105 participants played the role of a phishing adversary and were incentivized to produce multiple phishing emails that would evade detection and persuade end-users to respond. In the end-user phase, 340 participants performed an email management task, in which they examined and classified the phishing emails generated by participants in phase one along with benign emails. Participants in the adversary role self-reported the strategies they employed in each email they created, and responded to a test of individual creativity. Data from both phases of the study were combined and analyzed to measure the effect of adversarial behaviors on end-user response to phishing emails. We found that participants who persistently used specific attack strategies (e.g., sending notifications, use of an authoritative tone, or expressing shared interest) in all their attempts were overall more successful, compared to others who explored different strategies in each attempt. We also found that strategies largely determined whether an end-user was more likely to respond to an email immediately or delete it. Individual creativity was not a reliable predictor of adversarial performance, but it was a predictor of an adversary's ability to evade detection. In summary, the phishing example provided initially, the strategies used, and the participants' persistence with some of the strategies led to higher performance in persuading end-users to respond to phishing emails.
These insights may be used to inform tools and training procedures to detect phishing strategies in emails.
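The abstract names three strategies (notifications, authoritative tone, shared interest) and reports that persistence with a strategy across attempts predicted success. The following added example is not the paper's code and does not reproduce its analysis; it illustrates how a detection tool might tag those strategy cues in email text and how persistence across an adversary's attempts could be scored. The cue lexicon, the persistence metric, and the sample emails are all constructed assumptions for illustration.

```python
"""Added example (not from the paper): tag phishing-strategy cues in email
text and score how persistently an adversary reuses a strategy across attempts.

The cue lexicon and persistence metric are illustrative assumptions, not the
paper's own operationalization of strategies or persistence.
"""
import re
from collections import Counter

# Constructed cue lexicon for the three strategies named in the abstract.
# A real tool would learn or curate these from labelled phishing corpora.
STRATEGY_CUES = {
    "notification": [r"\bnotification\b", r"\byour account\b", r"\bverify\b"],
    "authority": [r"\bit department\b", r"\bcompliance\b", r"\bmandatory\b",
                  r"\brequired\b", r"\bimmediately\b"],
    "shared_interest": [r"\bfellow\b", r"\bwe both\b", r"\bour team\b",
                        r"\balumni\b", r"\bcommunity\b"],
}


def tag_strategies(text):
    """Return the set of strategy labels whose cue patterns occur in text."""
    lowered = text.lower()
    return {name for name, patterns in STRATEGY_CUES.items()
            if any(re.search(p, lowered) for p in patterns)}


def persistence_score(strategy_sets):
    """Fraction of attempts that use the adversary's most frequent strategy.

    1.0 means the same strategy appeared in every attempt; lower values mean
    the adversary explored different strategies across attempts.
    """
    if not strategy_sets:
        return 0.0
    counts = Counter(s for sset in strategy_sets for s in sset)
    if not counts:
        return 0.0
    _top, n = counts.most_common(1)[0]
    return n / len(strategy_sets)


# Constructed sample attempts: adversary A sticks with notifications,
# adversary B tries a different strategy in each attempt.
SAMPLE_ATTEMPTS = {
    "adversary_A": [
        "Notification: your account will be suspended unless you verify your details.",
        "Notification: your mailbox has been flagged. Verify now.",
        "Notification: your account password expires today. Verify to keep access.",
    ],
    "adversary_B": [
        "The IT department requires all staff to complete the mandatory survey immediately.",
        "As a fellow alumni I thought our community might enjoy this event.",
        "Notification: your account storage is full.",
    ],
}


def score_adversaries(attempts=SAMPLE_ATTEMPTS):
    """Map each adversary to a rounded persistence score over their attempts."""
    return {adv: round(persistence_score([tag_strategies(e) for e in emails]), 2)
            for adv, emails in attempts.items()}


if __name__ == "__main__":
    for adv, emails in SAMPLE_ATTEMPTS.items():
        print(adv, [sorted(tag_strategies(e)) for e in emails])
    print(score_adversaries())
```

A defender could use the per-email strategy tags as features for a filter or as training material that shows users the persuasion tactic behind a message; the persistence score only makes sense when several messages can be attributed to the same sender, as the study's self-reports allowed.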