Recognition of Phishing Attacks and its Impact: A Case Study
Publisher
Tartu Ülikool
Abstract
A phishing attack is a cyber-attack that uses social engineering to steal
sensitive information or plant malware on the target machine. The attack can also serve as
a backdoor for an attacker to carry out another cyber-attack. Phishing attacks have changed
over the past years. One can deploy phishing attacks in various ways, such as emails,
SMS, calls, etc. As phishers develop ways to improve phishing attacks, these attacks
may pass through security technology. Hence, safeguarding against phishing attacks may
depend on humans identifying these attacks. This paper studies how to train people to
recognise phishing attacks and their impact. The recognition could help to safeguard
against an attack because humans will be able to detect these attacks. This thesis used an
experimental ATTF (Awareness, Training, Testing, Feedback) approach. First, we
carried out a simulation to learn how aware staff are when it comes to recognising phishing emails. Next,
we distributed a questionnaire to explore how humans understand phishing attacks.
In the last step, we performed a post-simulation to see whether the participants had learnt to
recognise the phishing attacks. When humans are able to recognise phishing attacks, the
probability of their becoming victims of an attack is reduced. In cases where security technology fails
to detect phishing attacks, humans trained to recognise these attacks can identify them
and carry out the steps required to safeguard against them. Recognising phishing
is good practice because phishing attacks keep changing. If attackers continue
to be creative with their attacks and humans are continuously trained on the trends and
indicators of phishing, targets will keep themselves from becoming victims of the attack.
Keywords
Phishing, social engineering, phishing recognition