Cargando…
Creative Persuasion: A Study on Adversarial Behaviors and Strategies in Phishing Attacks
Success of phishing attacks depend on effective exploitation of human weaknesses. This research explores a largely ignored, but crucial aspect of phishing: the adversarial behavior. We aim at understanding human behaviors and strategies that adversaries use, and how these may determine the end-user...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Frontiers Media S.A.
2018
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5826381/ https://www.ncbi.nlm.nih.gov/pubmed/29515478 http://dx.doi.org/10.3389/fpsyg.2018.00135 |
| _version_ | 1783302342822592512 |
|---|---|
| author | Rajivan, Prashanth Gonzalez, Cleotilde |
| author_facet | Rajivan, Prashanth Gonzalez, Cleotilde |
| author_sort | Rajivan, Prashanth |
| collection | PubMed |
| description | Success of phishing attacks depend on effective exploitation of human weaknesses. This research explores a largely ignored, but crucial aspect of phishing: the adversarial behavior. We aim at understanding human behaviors and strategies that adversaries use, and how these may determine the end-user response to phishing emails. We accomplish this through a novel experiment paradigm involving two phases. In the adversarial phase, 105 participants played the role of a phishing adversary who were incentivized to produce multiple phishing emails that would evade detection and persuade end-users to respond. In the end-user phase, 340 participants performed an email management task, where they examined and classified phishing emails generated by participants in phase-one along with benign emails. Participants in the adversary role, self-reported the strategies they employed in each email they created, and responded to a test of individual creativity. Data from both phases of the study was combined and analyzed, to measure the effect of adversarial behaviors on end-user response to phishing emails. We found that participants who persistently used specific attack strategies (e.g., sending notifications, use of authoritative tone, or expressing shared interest) in all their attempts were overall more successful, compared to others who explored different strategies in each attempt. We also found that strategies largely determined whether an end-user was more likely to respond to an email immediately, or delete it. Individual creativity was not a reliable predictor of adversarial performance, but it was a predictor of an adversary's ability to evade detection. In summary, the phishing example provided initially, the strategies used, and the participants' persistence with some of the strategies led to higher performance in persuading end-users to respond to phishing emails. These insights may be used to inform tools and training procedures to detect phishing strategies in emails. |
| format | Online Article Text |
| id | pubmed-5826381 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2018 |
| publisher | Frontiers Media S.A. |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-58263812018-03-07 Creative Persuasion: A Study on Adversarial Behaviors and Strategies in Phishing Attacks Rajivan, Prashanth Gonzalez, Cleotilde Front Psychol Psychology Success of phishing attacks depend on effective exploitation of human weaknesses. This research explores a largely ignored, but crucial aspect of phishing: the adversarial behavior. We aim at understanding human behaviors and strategies that adversaries use, and how these may determine the end-user response to phishing emails. We accomplish this through a novel experiment paradigm involving two phases. In the adversarial phase, 105 participants played the role of a phishing adversary who were incentivized to produce multiple phishing emails that would evade detection and persuade end-users to respond. In the end-user phase, 340 participants performed an email management task, where they examined and classified phishing emails generated by participants in phase-one along with benign emails. Participants in the adversary role, self-reported the strategies they employed in each email they created, and responded to a test of individual creativity. Data from both phases of the study was combined and analyzed, to measure the effect of adversarial behaviors on end-user response to phishing emails. We found that participants who persistently used specific attack strategies (e.g., sending notifications, use of authoritative tone, or expressing shared interest) in all their attempts were overall more successful, compared to others who explored different strategies in each attempt. We also found that strategies largely determined whether an end-user was more likely to respond to an email immediately, or delete it. Individual creativity was not a reliable predictor of adversarial performance, but it was a predictor of an adversary's ability to evade detection. In summary, the phishing example provided initially, the strategies used, and the participants' persistence with some of the strategies led to higher performance in persuading end-users to respond to phishing emails. These insights may be used to inform tools and training procedures to detect phishing strategies in emails. Frontiers Media S.A. 2018-02-21 /pmc/articles/PMC5826381/ /pubmed/29515478 http://dx.doi.org/10.3389/fpsyg.2018.00135 Text en Copyright © 2018 Rajivan and Gonzalez. http://creativecommons.org/licenses/by/4.0/ This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) and the copyright owner are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms. |
| spellingShingle | Psychology Rajivan, Prashanth Gonzalez, Cleotilde Creative Persuasion: A Study on Adversarial Behaviors and Strategies in Phishing Attacks |
| title | Creative Persuasion: A Study on Adversarial Behaviors and Strategies in Phishing Attacks |
| title_full | Creative Persuasion: A Study on Adversarial Behaviors and Strategies in Phishing Attacks |
| title_fullStr | Creative Persuasion: A Study on Adversarial Behaviors and Strategies in Phishing Attacks |
| title_full_unstemmed | Creative Persuasion: A Study on Adversarial Behaviors and Strategies in Phishing Attacks |
| title_short | Creative Persuasion: A Study on Adversarial Behaviors and Strategies in Phishing Attacks |
| title_sort | creative persuasion: a study on adversarial behaviors and strategies in phishing attacks |
| topic | Psychology |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5826381/ https://www.ncbi.nlm.nih.gov/pubmed/29515478 http://dx.doi.org/10.3389/fpsyg.2018.00135 |
| work_keys_str_mv | AT rajivanprashanth creativepersuasionastudyonadversarialbehaviorsandstrategiesinphishingattacks AT gonzalezcleotilde creativepersuasionastudyonadversarialbehaviorsandstrategiesinphishingattacks |