End-to-end mapping of a spear-phishing attack on Higher Education Institution in EU

9 pages • Published: October 12, 2021

Abstract

Spear-phishing is a growing threat to the education sector. This analysis maps a specific attacker and demonstrates a 15% likelihood of being attacked by this attacker. The analysis uses open source intelligence tools to reveal a continued pattern in which the actor reuses infrastructure and procedures against several HEIs in Europe.

For a spear-phishing attack to succeed, it has to be able to lure the end user. This study includes a user vulnerability assessment of the specific spear-phishing attacks, based on two comparable studies consisting of 36,851 respondents from two educational institutions. The studies show that without prior training, the concrete spear-phishing attack will lure 20 to 49% of all users. To investigate the high risk of this attack to end users, an eye-tracking study was conducted. The study shows that respondents generally spend more time viewing phishing indicators than one would expect by chance, but there seems to be no correlation between viewing indicators and being lured to action. End users seem to rate the trustworthiness of mails by an overall reading. As a consequence, end users are easily lured by the attacker because of the trustworthiness of the specific spear-phishing mail.

Keyphrases: cybersecurity, eye tracking study, open source, spear phishing

In: Spiros Bolis, Jean-François Desnos, Lazaros Merakos and Raimund Vogl (editors). Proceedings of the European University Information Systems Conference 2021, vol 78, pages 89-97.