
Spear Phishing: Email versus Facebook

Dagstuhl Seminar: Cybersafety in Modern Online Social Networks, September 2017. Spear Phishing: Email versus Facebook. Joint work with Freya Gassmann, Anna Girard, Nadina Hintz, Robert Landwirth, Andreas Luder. Zinaida Benenson


  1. Dagstuhl Seminar: Cybersafety in Modern Online Social Networks, September 2017
     Spear Phishing: Email versus Facebook
     Joint work with Freya Gassmann, Anna Girard, Nadina Hintz, Robert Landwirth, Andreas Luder
     Zinaida Benenson, zinaida.benenson@fau.de
     Friedrich-Alexander-Universität Erlangen-Nürnberg

  2. Study 1: "Hey <receiver’s first name>, here are the pictures from the last week:"
     Study 2: "Hey , the New Year’s Eve party was great! here are the pictures:"
     http://131.188.31.163/photocloud/<USER ID>
     Benenson, Z., Girard, A., Hintz, N., Luder, A. Susceptibility to URL-based Internet Attacks: Facebook vs. Email. 6th International Workshop on SEcurity and SOCial Networking 2014
     Benenson, Z., Gassmann, F., Landwirth, R. Unpacking Spear Phishing Susceptibility. Targeted Attacks Workshop 2017
     Spear Phishing: Email vs. Facebook, Zinaida Benenson, Dagstuhl, Sept. 2017

  3. Clicking Behavior: Email vs. Facebook
     Addressing by name important in emails, but not on Facebook?
     Disclaimer: Study 1 ≠ Study 2!!! (different user groups, different messages)
     [Bar chart, vertical axis 0% to 100%; bars: Study 1: Email, Study 1: Facebook, Study 2: Email, Study 2: Facebook; values shown: 56% (89/158), 42.5% (119/280), 38% (90/240), 20% (194/975)]

  4. How Do People Explain Their Clicking or Non-Clicking?

  5. Reasons for Clicking (117 answers, some people reported multiple reasons)
     • Curiosity: 34%
     • Fits recipient’s context: 27%
     • Investigation: 17%
     • Known sender: 16%
     • …
     • Fear: 7%

  6. Could This Happen to YOU?

  7. From: john.smith@turner.com
     To: zinaida.benenson@fau.de
     Subject: CNN request -- about your upcoming Black Hat talk
     Zinaida, John at CNN here. I’m the news network’s cybersecurity reporter. Here’s a link to my work, in case you’re not familiar with it. I saw the description of your upcoming Black Hat talk. Your topic looks fantastic! Can we get an exclusive look at your research and write the first news story about it?
     Cheers,
     John Smith
     john.smith@CNN.com
     Luckily, this message was genuine. But it could have been an attack! All targeting information was available online.

  8. Targeting
     • General principles
       – Personalization
       – Plausibility of content & context
       – Emotions (positive and negative)
       – Automatic reactions
     • Email versus Facebook
       – Interface: salience of the sender
       – Communication patterns
       – Handling of messages
       – Trustworthiness of the platform?
