Skip to main content

Research Repository

See what's under the surface

Advanced Search

Tools and techniques for improving cyber situational awareness of targeted phishing attacks

Legg, Phil; Blackman, Tim

Authors

Profile Image

Dr Phil Legg Phil.Legg@uwe.ac.uk
Associate Professor in Cyber Security

Tim Blackman tim.blackman@uwe.ac.uk



Abstract

© 2019 IEEE. Phishing attacks continue to be one of the most common attack vectors used online today to deceive users, such that attackers can obtain unauthorised access or steal sensitive information. Phishing campaigns often vary in their level of sophistication, from mass distribution of generic content, such as delivery notifications, online purchase orders, and claims of winning the lottery, through to bespoke and highly-personalised messages that convincingly impersonate genuine communications (e.g., spearphishing attacks). There is a distinct trade-off here between the scale of an attack versus the effort required to curate content that is likely to convince an individual to carry out an action (typically, clicking a malicious hyperlink). In this short paper, we conduct a preliminary study on a recent realworld incident that strikes a balance between attacking at scale and personalised content. We adopt different visualisation tools and techniques for better assessing the scale and impact of the attack, that can be used both by security professionals to analyse the security incident, but could also be used to inform employees as a form of security awareness and training. We pitched the approach to IT professionals working in information security, who believe this may provide improved awareness of how targeted phishing campaigns can impact an organisation, and could contribute towards a pro-active step of how analysts will examine and mitigate the impact of future attacks across the organisation.

Start Date Jun 3, 2019
Publication Date Jun 1, 2019
Publisher Institute of Electrical and Electronics Engineers (IEEE)
Peer Reviewed Peer Reviewed
ISBN 9781728102320
APA6 Citation Legg, P., & Blackman, T. (2019). Tools and techniques for improving cyber situational awareness of targeted phishing attacks. https://doi.org/10.1109/CyberSA.2019.8899406
DOI https://doi.org/10.1109/CyberSA.2019.8899406
Keywords cyber situational awareness, phishing, visualisation, user experience
Publisher URL https://doi.org/10.1109/CyberSA.2019.8899406

Files

phishing_poster_version-4.pdf (13.6 Mb)
PDF

Licence
http://www.rioxx.net/licenses/all-rights-reserved

Copyright Statement
(c) 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.







You might also like



Downloadable Citations

;