one size does not fit all demographic differences in
play

One Size Does Not Fit All: Demographic Differences in Spear Phishing - PowerPoint PPT Presentation

Nov 18, 2023 •175 likes •390 views

One Size Does Not Fit All: Demographic Differences in Spear Phishing Susceptibilty Cameron Merrill CS 563 Advanced Computer Security October 10th 2018 Oliveira et al. 2017 at a glance CHI 2017 Spear Phishing Susceptibility: = F(

  1. One Size Does Not Fit All: Demographic Differences in Spear Phishing Susceptibilty Cameron Merrill CS 563 Advanced Computer Security October 10th 2018

  2. Oliveira et al. 2017 at a glance • CHI 2017 • Spear Phishing Susceptibility: – = F( Age , Principle of Influence, Life Domain ) • Age : – Old vs Young • Principles of Influence (Weapons): – Common human heuristics in decision making • Life Domain: – Context of the weapon Background

  3. Phishing Background

  4. Phishing • First step in advanced persistent threats • Low cost, difficult attribution – SMTP Spoofing • Successful attacks leverage psychological principles of influence to gain trust in target user Background

  5. Phishing Interventions – Technical Interventions • Real Time Warnings / Monitoring • Filtering – User Training – Anti Phishing technologies have been around for nearly two decades…. Background

  6. Phishing Phishing Campaigns by Year ( "APWG Phishing Attack Trends Reports”) Background

  7. Principles of Influence • Influence: The Psychology of Persuasion (Cialdini 1984) • Key Principles of Influence: – Reciprocity – Commitment – Social Proof – Authority – Liking – Scarcity Background

  8. Life Domains • Financial • Health • Ideological • Legal • Security • Social Background

  9. Weapon and Life Domain • “You can save 20 percent on your next electric bill by filling out our online survey within the next three days. Your participation will allow us to provide Regional Utilities with accurate information as to how they can improve their services. Take advantage of this limited time opportunity by clicking the link below: < link >” • Weapon: – Scarcity (“within the next three days”) • Domain: – Financial (electrical bill) Background

  10. “Our resources have indicated that you have a parking violation • from 12/17/2015 at SW 89th Avenue at 3:34pm. Please go to our website to obtain more information about the violation and to pay your fine or refute your ticket: < link >, Sincerely, Parking Enforcement” • Weapon: • Life Domain: – Reciprocity Domain: – Financial • – Health – Commitment – Legal Weapon: – Ideological – Social Proof • – Authority – Authority – Legal – Liking – Security – Scarcity – Social Background

  11. Methods • 21 day study examining internet use for one hour a day • Participants (N=158) – 100 Younger (56% female) – 58 Older (43% female) • Each day of study, subjects were sent one simulated spear phishing email counter balanced across weapon/domain • Susceptibility self awareness LIKERT questionnaire Methods

  12. Study Framework Methods

  13. Results • 40% of participants clicked at least one link • Older women most susceptible demographic • Large discrepancy between actual behavioral susceptibility and self reported susceptibility, specifically amongst older users – people think they are better than they actually are (go figure) Results

  14. Results – Weapon susceptibility • Older Adults: – Reciprocation, Scarcity • Younger: – Scarcity, Authority Results

  15. Results – Life Domains • Legal significantly more effective than all others • Ideological significantly more effective than financial Results

  16. Study Constraints • Susceptibility awareness measured using LIKERT scale, analyzed using parametric measures = not ideal • No temporal analysis to rule out learned effect • How do we know for sure the users read the email before clicking the link? Results

  17. Takeaways • Demographic differences yield measurable differences in decision making heuristics across age, gender • One size does not fit all: – Security interventions, communication, training needs to be tailored to specific demographics Demographics in Security

  18. Older Adults • Lucrative and plentiful targets: fastest growing segment of the U.S> population • Often have accumulated financial assets and/or hold powerful positions in finances and politics • Cognitive processing capacity and sensitivity to deception decline with age • Self reported trust increases Demographics in Security

  19. How can we do better? • Avoiding usability studies solely on “WEIRD” subjects – W estern, E ducated, from I ndustrialized, R ich, D emocratic countries • Be careful how you measure susceptibility Demographics in Security

  20. Questions? Demographics in Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DEMOGRAPHIC DIFFERENCES IN MASSACHUSETTS ALL PAYER CLAIMS DATA (MA APCD) BEFORE AND AFTER

DEMOGRAPHIC DIFFERENCES IN MASSACHUSETTS ALL PAYER CLAIMS DATA (MA APCD) BEFORE AND AFTER

DEMOGRAPHIC DIFFERENCES IN MASSACHUSETTS ALL PAYER CLAIMS DATA (MA APCD) BEFORE AND AFTER GOBEILLE Sylvia D. Hobbs, MPH, Anne Medinus, PhD August 2020 CENTER FOR HEALTH INFORMATION AND ANALYSIS Population-Based Data and the MA APCD Applicants

385 views • 14 slides
BIOE 301 Review of Last Time Sample size calculations Ensure differences between treatment

BIOE 301 Review of Last Time Sample size calculations Ensure differences between treatment

Lecture Eighteen BIOE 301 Review of Last Time Sample size calculations Ensure differences between treatment &amp; control group are real Type I Error: (False Positive) Mistakenly conclude there is a difference between the two

850 views • 26 slides
6. Individual Differences Differences: Big Questions Are some differences changeable and

6. Individual Differences Differences: Big Questions Are some differences changeable and

6. Individual Differences Differences: Big Questions Are some differences changeable and how much? What effect does community and environment play? What can teachers do to accommodate differences? 6.1 The Nature-Nurture

742 views • 52 slides
Demographic Update October 9, 2017 Population and Survey Analysts Demographic Update

Demographic Update October 9, 2017 Population and Survey Analysts Demographic Update

Dripping Springs I.S.D. Demographic Update October 9, 2017 Population and Survey Analysts Demographic Update Demographic Trends Economic Trends Housing Projections Students per Home Projected Student Enrollment School Districts with

449 views • 43 slides
Chinas One-Child Policy Identifying the Economic, Social, and Demographic Consequences

Chinas One-Child Policy Identifying the Economic, Social, and Demographic Consequences

Background Pop. Size Pop. Aging Sex Ratio Human Capital Personality Optional Readings Chinas One-Child Policy Identifying the Economic, Social, and Demographic Consequences Jeffrey R. Bloem Public Affairs 8331 - Economic Demography

1.29k views • 110 slides
A Unified Statistical Framework for Demographic Rates Using Demographic and Health Survey Data

A Unified Statistical Framework for Demographic Rates Using Demographic and Health Survey Data

A Unified Statistical Framework for Demographic Rates Using Demographic and Health Survey Data Thomas W. Pullum tom.pullum@icf.com The Demographic and Health Surveys Program Draft of October 25, 2017 Prepared for the IUSSP International Population

487 views • 22 slides
Demographic Forecast Overview Variables to prepare: Population Households Household

Demographic Forecast Overview Variables to prepare: Population Households Household

Demographic Forecast Overview Variables to prepare: Population Households Household size Jobs (with categories) Household income Non-standard generators Two-part process: County-level Small-area level

433 views • 20 slides
Biomedical Engineering Ensure differences between treatment &amp; control group are real for

Biomedical Engineering Ensure differences between treatment &amp; control group are real for

Review of Last Time Sample size calculations Biomedical Engineering Ensure differences between treatment &amp; control group are real for Global Health Type I Error: (False Positive) Mistakenly conclude there is a difference

64 views • 5 slides
Lab 2 discussion Last Time Debugging Its a science use experiments to refine

Lab 2 discussion Last Time Debugging Its a science use experiments to refine

size= 64 correct= 0 size= 73 correct= 0 Shuying Liang size= 107 correct= 1 size= 107 correct= 0 size= 108 correct= 0 size= 108 correct= 1 Please do not handin a .doc file, a .zip file, a .tar file, size= 111 correct= 1 size=

430 views • 7 slides
International Recruitment Tools &amp; Techniques: One Size Doesnt Fit All MAY 29, 2015 11

International Recruitment Tools &amp; Techniques: One Size Doesnt Fit All MAY 29, 2015 11

International Recruitment Tools &amp; Techniques: One Size Doesnt Fit All MAY 29, 2015 11 A.M.-12:15 P.M 1 Session Introduction With the demographic downturn in the United States and increased competition for international students, growing

538 views • 49 slides
Py Python Lists Similar to an array but some important differences: lists do not have a fixed

Py Python Lists Similar to an array but some important differences: lists do not have a fixed

2/5/20 Py Python Lists Similar to an array but some important differences: lists do not have a fixed size lists are heterogeneous can insert delete at arbitrary positions within list CS 224 Introduction to Python Spring 2020

400 views • 6 slides
DEMOGRAPHIC STUDY FOR THE NEW PROVIDENCE SCHOOL DISTRICT May 20, 2019 STATISTICAL FORECASTING

DEMOGRAPHIC STUDY FOR THE NEW PROVIDENCE SCHOOL DISTRICT May 20, 2019 STATISTICAL FORECASTING

DEMOGRAPHIC STUDY FOR THE NEW PROVIDENCE SCHOOL DISTRICT May 20, 2019 STATISTICAL FORECASTING Provide demographic services for school districts in the New York-New Jersey metropolitan area since 1998. Performed demographic studies

748 views • 35 slides
Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with

Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with

1 Designing for differences Dan Smith 2 Designing for Differences - Goals Be familiar with the issues that affect usability and interaction for different individual and groups of people Know the basic tools for designing interactive

525 views • 26 slides
Date: Monday, 25/Jul/2016 10:45am - 12:15pm 1A: Demographic Issues: Demographic Dividend, Ageing,

Date: Monday, 25/Jul/2016 10:45am - 12:15pm 1A: Demographic Issues: Demographic Dividend, Ageing,

Date: Monday, 25/Jul/2016 10:45am - 12:15pm 1A: Demographic Issues: Demographic Dividend, Ageing, Youth, Migration Session Chair: Shofwan Shofwan , Faculty of Economics and Business University of Brawijaya; shofwan1705@gmail.com WERE YOU BORN AT

348 views • 20 slides
DEMOGRAPHIC STUDY FOR THE CLINTON TOWNSHIP SCHOOL DISTRICT October 27, 2014 STATISTICAL

DEMOGRAPHIC STUDY FOR THE CLINTON TOWNSHIP SCHOOL DISTRICT October 27, 2014 STATISTICAL

DEMOGRAPHIC STUDY FOR THE CLINTON TOWNSHIP SCHOOL DISTRICT October 27, 2014 STATISTICAL FORECASTING Provide demographic services for school districts in the New York-New Jersey metropolitan area. Performed demographic studies for

541 views • 36 slides
WEST ORANGE PUBLIC SCHOOLS August 28, 2017 STATISTICAL FORECASTING Provide demographic

WEST ORANGE PUBLIC SCHOOLS August 28, 2017 STATISTICAL FORECASTING Provide demographic

DEMOGRAPHIC STUDY FOR THE WEST ORANGE PUBLIC SCHOOLS August 28, 2017 STATISTICAL FORECASTING Provide demographic services for school districts in the New York-New Jersey metropolitan area since 1998. Performed demographic studies for

638 views • 49 slides
Transfer Learnin ing and Domain in Adaptatio ion Prof. Leal-Taix and Prof. Niessner 1 Big

Transfer Learnin ing and Domain in Adaptatio ion Prof. Leal-Taix and Prof. Niessner 1 Big

Transfer Learnin ing and Domain in Adaptatio ion Prof. Leal-Taix and Prof. Niessner 1 Big iggest Cri riticis ism of f Computer Vis ision Works on constructed datasets, but not in the real world and thats also true for

564 views • 22 slides
Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly

Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly

Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly internal problem Protection: mechanism for controlling the access of programs, processes, or users to the resources defined by a computer

499 views • 16 slides
Ofcoms role in cyber security UKNOF Edinburgh Huw Saunders Director, Network Infrastructure

Ofcoms role in cyber security UKNOF Edinburgh Huw Saunders Director, Network Infrastructure

Ofcoms role in cyber security UKNOF Edinburgh Huw Saunders Director, Network Infrastructure PROMOTING CHOICE SECURING STANDARDS PREVENTING HARM Ofcom and cyber security Area of growing importance across all sectors, with

216 views • 7 slides
A new stub resolver Willem Toorop willem@nlnetlabs.nl API is: A DNS API specification (for

A new stub resolver Willem Toorop willem@nlnetlabs.nl API is: A DNS API specification (for

A new stub resolver Willem Toorop willem@nlnetlabs.nl API is: A DNS API specification (for resolving) by and for application developers (for application) First implementation by LABS and From Verisign: From NLnet Labs: Theogene Bucuti,

1.63k views • 113 slides
CHARIOT: A DOMAIN SPECIFIC LANGUAGE FOR EXTENSIBLE

CHARIOT: A DOMAIN SPECIFIC LANGUAGE FOR EXTENSIBLE

Extensible CPS Subhav Pradhan CHARIOT: A DOMAIN SPECIFIC LANGUAGE FOR EXTENSIBLE CYBER-PHYSICAL SYSTEMS Presented at DSM 2015, Pittsburgh, PA Subhav Pradhan , Abhishek Dubey, Aniruddha Gokhale, and

245 views • 11 slides
Probing lepton flavour universality in B (0) K (0 ) + decays at CMS

Probing lepton flavour universality in B (0) K (0 ) + decays at CMS

Probing lepton flavour universality in B (0) K (0 ) + decays at CMS Author: Julia-Suzana Dancu Supervisor: Dr Oliver Buchm uller Post-doc: Dr Matthias Komm 1/11 Lepton Universality Tests at CMS February 28, 2019

580 views • 19 slides
Width and Serialization of Classical Planning Problems Nir Lipovetzky 1 Hctor Geffner 1 , 2 DTIC

Width and Serialization of Classical Planning Problems Nir Lipovetzky 1 Hctor Geffner 1 , 2 DTIC

Width and Serialization of Classical Planning Problems Nir Lipovetzky 1 Hctor Geffner 1 , 2 DTIC Universitat Pompeu Fabra 1 Barcelona, Spain ICREA 2 Barcelona, Spain ECAI-2012; Montpellier Nir Lipovetzky, Hctor Geffner Width and

545 views • 20 slides
TECHNOLOGY PARK OAK FOREST SITE A Site Proposal to the Little Rock Technology Park Authority

TECHNOLOGY PARK OAK FOREST SITE A Site Proposal to the Little Rock Technology Park Authority

TECHNOLOGY PARK OAK FOREST SITE A Site Proposal to the Little Rock Technology Park Authority Joel E. Anderson, Chancellor University of Arkansas at Little Rock October 9, 2013 Childrens Library 10 th and Madison Residential area

423 views • 18 slides

More recommend