Download PDFOpen PDF in browser

End-to-end mapping of a spear-phishing attack on Higher Education Institution in EU

9 pagesPublished: October 12, 2021

Abstract

Spear-phishing is a growing threat to the education sector. This analysis maps a specific attacker and demonstrate a likelihood 15% to be attacked by this attacker. The analysis uses open source intelligence tools to reveal a continued pattern where the actor is reusing infrastructure and procedure against several HEI in Europe.
For a spear-phising attack to become successful, it has to be able to lure the enduser. This study includes a user vulnerability assessment on the specific spear-phishing attacks used in two comparable studies consisting of 36,851 respondents from two educational institutions. The studies show that without prior training, the concrete spear-phishing attack will lure 20 to 49% of all users.
To investigate the high risk of this attack to endusers an eye-tracking study was conducted. The study shows that respondents generally spend more time viewing phishing indicator than one expect by chance, but there seems to be no correlation between viewing indicators and lured to action. Endusers seems to rate the trustworthiness of mails by an overall reading. As a consequence endusers are easily lured by the attacker because of the trustworthiness of the specific spear-phishing mail.

Keyphrases: Cybersecurity, eye-tracking study, open source, spear phishing

In: Spiros Bolis, Jean-François Desnos, Lazaros Merakos and Raimund Vogl (editors). Proceedings of the European University Information Systems Conference 2021, vol 78, pages 89--97

Links:
BibTeX entry
@inproceedings{EUNIS2021:End_to_end_mapping_of_spear_phishing,
  author    = {Kurt Gammelgaard Nielsen and Helle Betina Kristensen},
  title     = {End-to-end mapping of a spear-phishing attack on Higher Education Institution in EU},
  booktitle = {Proceedings of the European University Information Systems Conference 2021},
  editor    = {Spiros Bolis and Jean-Fran\textbackslash{}c\{c\}ois Desnos and Lazaros Merakos and Raimund Vogl},
  series    = {EPiC Series in Computing},
  volume    = {78},
  pages     = {89--97},
  year      = {2021},
  publisher = {EasyChair},
  bibsource = {EasyChair, https://easychair.org},
  issn      = {2398-7340},
  url       = {https://easychair.org/publications/paper/mGFD},
  doi       = {10.29007/53wk}}
Download PDFOpen PDF in browser