Research project AES anti-phishing

AES – Achieve Effective and Sustainable Anti-Phishing Solutions

We explore innovative solutions to enhance employees' resilience against social engineering attacks.

The project at a glance

  • Start date:
    15 Jan 2022
  • Duration in months:
    48
  • Funding:
    University of Luxembourg
  • Principal Investigator(s):
    Christine SCHILTZ
    Xiaowei CHEN
    Anastasia SERGEEVA

About

Phishing emails trick individuals into divulging confidential information to attackers, and they often contain malware or links to rogue websites. Despite advances in computing power and algorithms that enable large companies to filter out most threats, a good deal eventually ends up in the mailboxes of employees, who are then left alone with the burden and the responsibility of not becoming the next victim. There is a pressing need to enhance security awareness to bolster individuals' resilience. Among the various anti-phishing training exercises, Phishing-as-a-Service (PhaaS) is particularly promising as it combines simulated phishing attacks with security awareness training. This project examines current PhaaS solutions and develops new experimental approaches to improve their effectiveness and sustainability, inducing behavioral changes that will lead to a reduction in the click ratio of phishing emails and an increase in the reporting of suspicious emails. Specifically, controlled experiments, data analysis, HCI techniques, and longitudinal studies will be employed to address the following questions:

  • What motivates and discourages employees in phishing interventions?
  • How can phishing interventions be made more effective and engaging?
  • What motivates employees to act more securely when handling information assets in the workplace?

Organisation and Partners

  • Cognitive Science and Assessment Institute
  • Department of Behavioural and Cognitive Sciences
  • Department of Computer Science
  • Faculty of Humanities, Education and Social Sciences (FHSE)
  • Verena Distler (University of the Bundeswehr Munich)
  • Verena Zimmermann (ETH Zurich)
  • Anders Hedman (KTH Royal Institute of Technology)

Project team

Keywords

  • Phishing resilience
  • Cybersecurity education and training
  • Behavior change
  • User study
  • Motivation theories