Taking the bait: A systems analysis of phishing attacks
Conference paper   Open access   Peer reviewed

David Lacey, Paul M Salmon and Patrick Glancy
Procedia Manufacturing, Vol.3, pp.1109-1116
Applied Human Factors and Ergonomics (AHFE) International Conference, 6th (Las Vegas, United States, 26-Jul-2015–30-Jul-2015)
Elsevier BV
2015
Published Version (Open Access, CC BY-NC-ND V4.0): https://doi.org/10.1016/j.promfg.2015.07.185

Abstract

Keywords: phishing; sociotechnical systems; work domain analysis (WDA); cybercrime; identity theft

Phishing attacks are a common feature of online communications. Phishing attacks impact many actors, from individual victims to the corporate and government agencies whose brands are deceptively used. Responding to phishing is big business, driving software security markets, influencing eCommerce uptake and participation, and protecting corporate brand and image. Yet despite its insidious nature and the penetration of phishing throughout online communications, little is known regarding phishing attacks and their responses. This paper is a response to this key knowledge gap, analyzing the tasks and mapping the social interactions of a phishing attack and the associated response. To achieve this, the research team adopted a multi-method approach in examining the underlying functions and interactions involved in a phishing attack and its response by deliberately 'taking the phishing bait', interviewing a sample of individuals that had unwittingly responded to phishing attacks, and engaging with organisations that took response measures to such events. This multi-actor engagement provided critical observations and content about the victim experience and interactions with those responsible for the attacks. The research is highly novel in its application of Work Domain Analysis (WDA) to gain an understanding of the functional structure of phishing attacks and the online transactional environment they target as a sociotechnical system. By examining the functional properties of interactions within the research context, the paper provides a unique perspective of phishing and the inter-linkages and dependencies across multiple levels of abstraction from the initial 'baiting' to the achievement of overall system objectives by cybercriminals. 
The findings provide opportunities to enhance phishing prevention and detection methodologies, improve individual resilience to such attacks, and pave the way for future efforts in applying sociotechnical systems methods to the cybercrime environment.
