The Use of Usable Security and Security Education to Fight Phishing Attacks

Event start date
Event start time: 12.00

Place: Pinni B building, auditorium 1100, address: Kanslerinrinne 1.

Doctoral defence of M.Sc. Sunil Chaudhary

The Use of Usable Security and Security Education to Fight Phishing Attacks

The field of science of the dissertation is Computer Science.

The opponent is Professor Sokratis Katsikas (Norwegian University of Science and Technology). University Researcher Eleni Berki acts as the custos.

The language of the dissertation defence is English.

Big Phisher Watches ...YOU!

Better information security tools and cyber-security education, …Pleeeease!!

Do you REALLY think that your online activities are secure? WHO is watching your steps when you are online, and WHY?

Phishing is a fraudulent activity that is carried out through channels such as email, website search, phone calls, SMS, and other ways. These messages appear to come from legitimate and trusted parties, such as banks, online payment services, e-commerce services or personal acquaintances, who can sometimes be friends and relatives. But are the senders really who they claim to be? Or are they just phishers and masqueraders?

WATCH OUT, overconfident people!! Stylish phishers can fool you.

Phishing activities are mainly designed to lure people into providing sensitive personal information such as online banking details, credit card data, and passwords, which will ultimately be used to commit fraudulent activities online and, in many cases, to steal money. Nowadays, phishing attacks are mean, and more vicious and malicious than ever. Phishing can be arranged by professional cyber-criminals as organized (cyber) crime. Sophisticated phishers have the skills and know-how, and use advanced social engineering techniques to make people fall into their trap. Social engineering is about manipulating and exploiting the vulnerabilities of human nature, also using psychology. Social engineering techniques induce panic, greed or curiosity in people in order to urge them to respond to phishing emails or phone calls and disclose their confidential information. Every year, individuals, business organizations, and government agencies worldwide experience big losses because of social engineering, and phishing in particular. These losses are direct, in terms of billions of dollars, and indirect, in terms of reduction in business, loss of productivity, and various psychological sufferings.

Are you worried and frustrated that you can so easily fall for the phishing baits? It is NOT all YOUR fault!!!

In phishing and other types of cybercrime, people (who are normally users of online services) are often condemned for their stupidity and carelessness, and are often criticized and considered to be the root cause of online security problems. This could be partially true! On the other hand, this research study perceives current citizens, and online service users in particular, as strong countermeasures against phishing and social engineering, but only if they can act knowledgeably.

So, WHAT should be done?

This doctoral dissertation advocates that, in order to enable people to make safe and secure decisions in cyberspace, people should be equipped with suitable and effective knowledge, tools and technology. In particular, people could be a) facilitated by good quality anti-phishing applications and b) educated about phishing and social engineering.

Although security education and anti-phishing applications exist, they do not seem to be so successful, essentially because they are not sufficiently updated to cater for new and emerging phishing and social engineering attacks. Phishing is an ever-changing and ever-growing activity targeting vulnerable people in a continually altering socio-technical domain, and there exist many varying situations that intelligent phishers can use to exploit people. Therefore, this research study investigated ways, techniques, methods and strategies through which security education and anti-phishing applications can be updated and enhanced and, thus, become more helpful against phishing and social engineering. The outcomes of this study can assist cyber-security researchers and software professionals and practitioners in designing human-centered anti-phishing solutions, and thus increase the wisdom and effectiveness of the people, who are the weakest link but also the main stakeholders in the information security domain. Additionally, educational curricula designers and policy makers should focus on designing education for future citizens and information security professionals, based on the current and future needs for security and considering people’s learning preferences and thinking styles.

                                               ******

The dissertation is published in the publication series of Acta Universitatis Tamperensis; 2238, Tampere University Press, Tampere 2016. ISBN 978-952-03-0291-7, ISSN 1455-1616. The dissertation is also published in the e-series Acta Electronica Universitatis Tamperensis; 1738, Tampere University Press 2016. ISBN 978-952-03-0292-4, ISSN 1456-954X.

Additional information

Sunil Chaudhary, Tel. +358 46 596 2110, sunil.chaudhary@uta.fi