A Security Risk Scale to Enhance Phishing Detection.

Karamagi, Robert Method (2023) A Security Risk Scale to Enhance Phishing Detection. Masters thesis, The Open University of Tanzania.

PDF - Submitted Version Available under License Creative Commons Attribution. Download (6MB)

Abstract

Cybersecurity defense techniques have evolved with time, which has led to attackers needing to deploy more resources to break into systems. As humans are the weakest link to security, social engineering remains highly marketable for hackers to gain unauthorized entry into information systems. Due to the increased ease and need for communication globally, phishing has become the most common method threat actors use to trick victims into unintentionally submitting their data. There are many ways in which the victim may be convinced to believe in the false email and regard it as a legitimate one. In this study, an experimental test was conducted to determine the emotion that will result in significant user interaction when manipulated in a phishing email. Data was collected from 327 users inquiring about the rate they receive phishing emails and the probability of interacting with the phishing emails, based on the Likert scale. In this study, we have found that a major cause of successful phishing attacks where emotions are triggered, is manipulation of curiosity, fear, authority, and empathy emotions out of 10 social engineering techniques. A security risk scale to enhance phishing detection has been developed. The scale consists of critical, high, medium, and low severity levels of risk. To assist in solving this problem of susceptibility to phishing attacks by manipulation of emotions, it is recommended that organizations with mail servers train their staff on the use of this developed security risk scale and all its features in relation to phishing attacks triggered by emotions. This will resolve the ever-growing security problem of social engineering attacks through phishing emails.

Actions (login required)

View Item