Title
An Empirical Investigation of the Effect of Target-Related Information in Phishing Attacks
Abstract
Analyzing the role of target-related information in a security attack is an understudied topic in the behavioral information security research field. This paper presents an empirical investigation of the effect of adding information about the target in phishing attacks. Data was collected by conducting two phishing experiments using a sample of 158 employees at five Swedish organizations. The first experiment included a traditional mass-email attack with no target-related information, and the second experiment was a targeted phishing attack in which we included specific information related to the targeted employees' organization. The results showed that the number of organizational employees falling victim to phishing significantly increased when target-related information was added in the attack. During the first experiment 5.1 % clicked on the malicious link compared to 27.2 % of the second phishing attack, and 8.9 % of those executed the binary compared to 3.2 % of the traditional phishing attack. Adding target-related information is an effective way for attackers to significantly increase the effectiveness of their phishing attacks. This is the first study that has shown this significant effect using organizational employees as a sample. The implications of the results are further discussed.
Year: 2014
DOI: 10.1109/EDOCW.2014.59
Venue: EDOC Workshops
Keywords: social engineering, phishing, security behavior, experiments, direct observations, technology, communication systems
Field: Information system, Internet privacy, Phishing, Computer science, Computer security, Server, Information security, Social engineering (security), Specific-information
DocType: Conference
ISSN: 2325-6583
Citations: 0
PageRank: 0.34
References: 0
Authors: 4
Name
Order
Citations
PageRank
Hannes Holm119114.59
Waldo Rocha Flores2826.92
Marcus Nohlberg3449.25
Mathias Ekstedt463449.70