Spear Phishing: Email versus Facebook


Dagstuhl Seminar: Cybersafety in Modern Online Social Networks, September 2017. Spear Phishing: Email versus Facebook. Zinaida Benenson. Joint work with Freya Gassmann, Anna Girard, Nadina Hintz, Robert Landwirth, Andreas Luder.


SLIDE 1

Spear Phishing: Email versus Facebook

Zinaida Benenson
zinaida.benenson@fau.de
Friedrich-Alexander-Universität Erlangen-Nürnberg

Joint work with Freya Gassmann, Anna Girard, Nadina Hintz, Robert Landwirth, Andreas Luder

Dagstuhl Seminar: Cybersafety in Modern Online Social Networks September 2017

SLIDE 2

Study 1 and Study 2

Messages:

  • Hey, the New Year’s Eve party was great! here are the pictures:
  • Hey <receiver’s first name>, here are the pictures from the last week: http://131.188.31.163/photocloud/<USER ID>

References:

  • Benenson, Z., Girard, A., Hintz, N., Luder, A. Susceptibility to URL-based Internet Attacks: Facebook vs. Email. 6th International Workshop on SEcurity and SOCial Networking, 2014.
  • Benenson, Z., Gassmann, F., Landwirth, R. Unpacking Spear Phishing Susceptibility. Targeted Attacks Workshop, 2017.

Dagstuhl, Sept. 2017 Spear Phishing: Email vs. Facebook Zinaida Benenson 2

SLIDE 3

Clicking Behavior: Email vs. Facebook

Bar chart (axis 0% to 100%):

  • Study 1: Email: 56% (89/158)
  • Study 1: Facebook: 38% (90/240)
  • Study 2: Email: 20% (194/975)
  • Study 2: Facebook: 42.5% (119/280)

Addressing by name important in emails, but not on Facebook?

Disclaimer: Study 1 ≠ Study 2!!! (different user groups, different messages)

SLIDE 4

How Do People Explain Their Clicking or Non-Clicking?

SLIDE 5

Reasons for Clicking

(117 answers, some people reported multiple reasons)

  • Curiosity: 34%
  • Fits recipient’s context: 27%
  • Investigation: 17%
  • Known sender: 16%
  • Fear: 7%

SLIDE 6

Could This Happen to YOU?

SLIDE 7

From: john.smith@turner.com
To: zinaida.benenson@fau.de
Subject: CNN request -- about your upcoming Black Hat talk

Zinaida,

John at CNN here. I’m the news network’s cybersecurity reporter. Here’s a link to my work, in case you’re not familiar with it.

I saw the description of your upcoming Black Hat talk. Your topic looks fantastic! Can we get an exclusive look at your research and write the first news story about it?

Cheers,
John Smith
john.smith@CNN.com


Luckily, this message was genuine.
But it could have been an attack!
All targeting information was available online.

SLIDE 8

Targeting

  • General principles
      – Personalization
      – Plausibility of content & context
      – Emotions (positive and negative)
      – Automatic reactions
  • Email versus Facebook
      – Interface: salience of the sender
      – Communication patterns
      – Handling of messages
      – Trustworthiness of the platform?
