
Hacking Human Vulnerability to Phishing


Sohaib Ayub

03/10/2024

Supervised by Amir Javed; Moderated by Fernando Alva Manchego

Phishing poses a significant and persistent threat in the realm of cybersecurity, targeting individuals, businesses, and organisations alike. This insidious tactic involves cybercriminals masquerading as trustworthy entities, such as banks, government agencies, or reputable companies, to deceive unsuspecting victims into divulging sensitive information, such as login credentials, financial details, or personal data. The sophistication of phishing attacks continues to evolve, with perpetrators employing increasingly convincing techniques, such as personalised messages, spoofed email addresses, and fake websites meticulously crafted to mimic legitimate ones. Furthermore, the rise of social engineering tactics has made it easier for attackers to manipulate human psychology, exploiting emotions like urgency, fear, or curiosity to coerce individuals into taking the desired action. The success of phishing attacks lies in the cybercriminal's ability to exploit human vulnerabilities rather than relying solely on technical weaknesses. To combat the phishing problem effectively, organisations must prioritise cybersecurity awareness and education, implement robust email security measures, conduct regular phishing simulations and training exercises, and foster a culture of vigilance among employees.

The project aims to uncover the factors that make users susceptible to phishing by tracking their eye movements. You will be required to conduct a study in which you display different phishing emails to users and observe the words and areas where users spend more time, in order to identify a relationship between the words used and susceptibility to phishing emails.


Final Report (03/10/2024) [Zip Archive]
