Phishing

Use of Phishing Training to Improve Security Warning Compliance: Evidence From a Field Experiment

ABSTRACT: The current approach to protect users from phishing attacks is to display a warning when the webpage is considered suspicious. We hypothesize that users are capable of making correct informed decisions when the warning also conveys the reasons why it is displayed.

Improving Cybersecurity Through Human Systems Integration 29 June 2016

Advanced Persistent Threat (APT) attackers accomplish their attack objectives by co-opting users' credentials. Traditional cyber defenses leave users vulnerable to APT attacks which employ spearphishing. The success of spearphishing attacks is not a data processing failure, but is the result of defenders failing to apply the principles of Human System Integration to the problem of spearphishing. We discuss an alternative defensive strategy which addresses human performance capabilities and limitations to disrupt spearphishing attacks.