Dissertation Defense: NAVIGATING WITH SHARKS: HOW THE MARKETING PRACTICES HELP TO CREATE SUCCESSFUL PHISHING EMAILS

Friday, October 20, 2023 10 a.m. to noon

Announcing the Final Examination of Erica Leite De Castilho Grao for the degree of Doctor of Philosophy 

A phishing email is a crime in which a scammer sends an email to obtain sensitive data. Every day, phishing email attacks impact billions of people worldwide. Preparing users to better identify phishing and avoid risky engagement with it is essential to combat this threat. We consider that, because phishing emails and email marketing both aim to drive email clicks, scammers can use marketing practices in phishing emails to achieve their goals. However, the security research community has not deeply explored the similarities between phishing and email marketing. This study presents a distinctive framework known as the Phishing Engagement Marketing Optimization (PEMO). The primary objective of PEMO is to provide practices commonly used in email marketing that can be applied to phishing simulations. This work presents the methodology for applying PEMO to phishing simulations and a hypothetical scenario to aid understanding. We also determined which PEMO practices have a significant effect on phishing email engagement. To address the research problem, we ran an experiment with 400 participants to evaluate how they engage with 100 emails, of which 92 were original emails and 8 were phishing emails. We also collected information about the motive of the decision-making behavior. Results showed that lower-risk participants, classified here as non-offenders, were not able to recognize phishing that applied Usability and Influence or Persuasion and Usability practices. In addition, higher-risk participants, classified here as offenders, increased their reply and forward engagements with phishing that applied Persuasion practices. This work can help information security specialists better prepare users to avoid risky engagements with phishing attacks that apply marketing practices by designing phishing simulations that leverage those same practices.

Committee in Charge:
Benjamin Sawyer, Chair, IEMS
Ozlem Garibay, IEMS UCF
Waldemar Karwowski, IEMS UCF
Matthew Canham, External - Belay7


Contact:

College of Graduate Studies 407-823-2766 editor@ucf.edu

Calendar:

Graduate Thesis and Dissertation

Category:

Uncategorized/Other

Tags:

engineering doctoral Thesis and Dissertation defense