Cognitive Triaging of Phishing Attacks
Amber van der Heijden, Luca Allodi

TL;DR
This paper introduces a machine learning-based method to predict phishing attack success by analyzing cognitive vulnerability triggers in emails, enabling better prioritization of remediation efforts.
Contribution
It develops an automated, quantitative triaging mechanism based on cognitive features, grounded in psychology literature, and validated with real-world organizational data.
Findings
An effective triaging mechanism can prioritize high-risk phishing attacks.
Cognitive features significantly predict attack success.
The method improves response efficiency for anti-phishing teams.
Abstract
In this paper we employ quantitative measurements of cognitive vulnerability triggers in phishing emails to predict the degree of success of an attack. To achieve this we rely on the cognitive psychology literature and develop an automated and fully quantitative method based on machine learning and econometrics to construct a triaging mechanism built around the cognitive features of a phishing email; we showcase our approach relying on data from the anti-phishing division of a large financial organization in Europe. Our evaluation shows empirically that an effective triaging mechanism for phishing success can be put in place by response teams to effectively prioritize remediation efforts (e.g. domain takedowns), by first acting on those attacks that are more likely to collect high response rates from potential victims.
Taxonomy
Topics: Spam and Phishing Detection · Misinformation and Its Impacts · Cybercrime and Law Enforcement Studies
