Phishing susceptibility rate for multinational organizations
Authors
Date
2023Copyright
© The Author(s)
This master's thesis focuses on phishing as phenomenon, and specifically comparing the effectiveness of phishing emails that ask for credentials on a fake login page versus (Data entry attack) those that just require the victim to click a link (Click only attack). It also explores the effectiveness of phishing emails written in English when the recipients are non-native English speakers (NNES).
Phishing is defined as a scalable act of deception to obtain information, but it may involve different methods and goals. Phishing methods such as smishing (via SMS) and vishing (fake phone calls). Spear phishing targets a specific individual or small group, while whaling focuses on high-value targets. Phishing attacks can aim to gather information or inject malware into computer systems, and common tactics include impersonating trusted entities and creating fake login pages. Countermeasures against phishing attacks are necessary, as they account for 95% of successful attacks. A comprehensive approach is required, including technical countermeasures, information security policies and anti-phishing train-ing.
As part of their anti-phishing training, cybersecurity department of one multinational organization has sent simulated phishing emails to their users. They have started to suspect that certain types of phishing emails, and with certain language (English or local language), are more successful than others. They have wanted to get concrete evidence for their suspicion to be able to enhance their anti-phishing training. To our knowledge, there have not been previous studies for this topic in a similar setting. A simulated phishing study was conducted on employees of the company. The employees received five phishing emails in either English or their local language, and then either Click only or Data entry phishing attack. The anti-phishing training system tagged participants as susceptible if they clicked the link or provided their credentials.
This master’s thesis reveals that click only phishing attacks are more successful than data entry attacks. Additionally, we found that phishing emails in participants' native or local language have a higher success rate compared to those in English, supporting previous findings and suggesting that attackers using the local language achieve greater success.
...
Keywords
Metadata
Show full item recordCollections
- Pro gradu -tutkielmat [29556]
License
Related items
Showing items with similar title or keywords.
-
Diamagnetic susceptibility from a nonadiabatic path-integral simulation of few-electron systems
Tolvanen, Alpi; Tiihonen, Juha; Rantala, Tapio T. (American Physical Society (APS), 2022)Diamagnetism is the response of dynamical compositions of charged particles, electrons, and nuclei, to an incident magnetic field. In this paper, we study how the finite temperature and finite nuclear masses affect the ... -
Kalasteluviestintä ilmiönä ja kiireellisyyden kokemuksen vaikutus huijauksen onnistumiseen
Uusitalo, Minna (2019)Tässä tutkielmassa halutaan lisätä ymmärrystä kalasteluviestinnästä ilmiönä, sekä tarkastella kalasteluviesteissä käytettyjen, kiireellisyyden kokemusta lisäävien elementtien vaikutusta vastaanottajan toimintaan. Kiireellisyyden ... -
Kalasteluhyökkäykset, huijaussivustot ja niiltä suojautuminen
Savolainen, Markus (2023)Kalasteluhyökkäykset ja niihin liittyvät huijaussivustot ovat ajankohtaisia uhkia, sekä myös suosituimpia hyökkäysmuotoja, joita kyberrikolliset käyttävät. Tämän tutkimuksen tavoitteena oli muodostaa kokonaiskuva ... -
Cyber Operations in Ukraine : Emerging Patterns in Cases
Takamaa, Markus; Lehto, Martti (Academic Conferences International Ltd, 2024)The Ukrainian state has been a target of cyber-related incidents since the annexation of Crimea in 2014. Cyberattacks have targeted Ukrainian critical infrastructure, government offices, and several public and private ... -
Utilizing Vector Database Management Systems in Cyber Security
Taipalus Toni; Grahn Hilkka; Turtiainen Hannu; Costin Andrei (Academic Conferences International Ltd, 2024)The rising popularity of phenomena such as ubiquitous computing and IoT poses increasingly high demands for data management, and it is not uncommon that database management systems (DBMS) must be capable of reading and ...