AI-Based Phishing Countermeasures

Faculty Mentor Name

Sameer Abufardeh, Catalina Aranzazu-Suescun, Terry Reinsch

Format Preference

Poster

Abstract

In the cybersecurity ecosystem, humans are often the weakest link. End users, through no fault of their own, can unwittingly become the targets of social engineering attacks designed to extract sensitive information. To establish an effective defense, we must understand both the mechanics and the psychology of phishing, analyzing how attackers use these deceptive tactics and how users respond to them. Our research focuses on the human factor, analyzing potential victim profiles to understand their vulnerabilities.

Phishing attacks exploit innate human traits like trust, helpfulness, and fear of loss or legal trouble.

Trust: Attacks masquerade as legitimate entities, lulling victims into clicking malicious links or opening compromised attachments.
Urgency: By creating a sense of imminent danger, like account closure threats, attackers pressure victims into acting hastily, often bypassing critical thinking.
Fear: The threat of legal or financial repercussions can trigger panic, leading to rash decisions.
Lack of Security Training/Awareness: Particularly among older users, a lack of cybersecurity awareness leaves individuals ill-equipped to recognize or respond to phishing attempts.

Our project aims to combat phishing attacks through innovative training programs and robust technical controls. This comprehensive approach will result in the following deliverables: a research paper detailing our findings and insights, cybersecurity presentations to educate audiences, a technical report outlining recommended control implications to guide organizations in strengthening their defenses, and a publicly available online training program. Following the research phase, we plan to develop AI-based software solutions while adhering to the Secure Software Development Life Cycle (SSDLC) framework, so that the resulting software is secure and reliable.
