AI-Based Phishing Countermeasures
Faculty Mentor Name
Sameer Abufardeh, Catalina Aranzazu-Suescun, Terry Reinsch
Format Preference
Poster
Abstract
In the cybersecurity ecosystem, humans are often the weakest link. End users, through no fault of their own, can unwittingly become the targets of social engineering attacks designed to extract sensitive information. To establish an effective defense, we must understand both the mechanics and psychology of phishing, analyzing how attackers use these deceptive tactics and how users respond to them. Our research focuses on the human factor, analyzing potential victim profiles to understand their vulnerabilities.

Phishing attacks exploit innate human traits like trust, helpfulness, and fear of loss or legal trouble.

Trust: Attacks masquerade as legitimate entities, lulling victims into clicking malicious links or opening compromised attachments.

Urgency: By creating a sense of imminent danger, like account closure threats, attackers pressure victims into acting hastily, often bypassing critical thinking.

Fear: Threat of legal or financial repercussions can trigger panic, leading to rash decisions.

Lack of Security Training/Awareness: Particularly among older users, a lack of cybersecurity awareness leaves individuals ill-equipped to recognize or respond to phishing attempts.

Our project aims to combat phishing attacks through innovative training programs and robust technical controls. This comprehensive approach will result in the following deliverables: a research paper detailing our findings and insights, cybersecurity presentations to educate audiences, a technical report outlining recommended control implications to guide organizations in strengthening their defenses, and a publicly available online training program.

Following the research phase, we plan to develop AI-based software solutions while adhering to the Secure Software Development Life Cycle (SSDLC) framework. This ensures the resulting software is secure and reliable.