dc.description.abstract |
Phishing attacks continue to be a pervasive and serious cybersecurity threat, exploiting human vulnerability and causing significant financial and reputational damage. This thesis presents the development and evaluation of a comprehensive phishing simulation and awareness tool that integrates Cialdini's principles of persuasion and elements of a cyber drill. The primary objective is to reduce individuals' susceptibility to phishing attacks by providing realistic simulations, targeted training, and reinforcing the principles of persuasion.
The thesis begins with a thorough exploration of Cialdini's principles of persuasion, including reciprocity, authority, commitment/consistency, social proof, liking, and scarcity. These principles serve as a theoretical foundation for designing persuasive phishing simulation payloads that exploit human cognitive biases and decision-making processes, thereby increasing users' awareness of social engineering techniques.
Drawing upon this theoretical framework, a phishing simulation and awareness tool is developed, incorporating a variety of persuasive strategies and utilizing realistic phishing techniques. The tool enables users to experience simulated phishing attacks in a controlled environment, providing immediate feedback and educational resources to enhance their understanding and response to such threats. By analyzing user interactions and behavior patterns, the tool generates comprehensive reports that identify specific areas for improvement in users' phishing awareness and response.
To further strengthen users' preparedness, the tool incorporates elements of a cyber drill, creating an engaging and gamified learning experience. Participants are exposed to targeted training based on their performance in simulated phishing campaigns. The tool employs interactive modules, immediate feedback, and adaptive learning techniques to reinforce users' knowledge and decision-making skills, fostering a proactive and resilient approach to phishing threats.
The effectiveness of the developed tool is evaluated through a series of controlled experiments involving participants with varying levels of cybersecurity awareness. The evaluation focuses on measuring the reduction in participants' susceptibility to phishing attacks after engaging with the simulation and awareness tool. Additionally, user feedback and qualitative analysis are collected to assess the tool's usability and effectiveness in improving users' resilience against phishing threats.
The results of the study demonstrate the efficacy of the phishing simulation and awareness tool in reducing individuals' phish-prone behavior. The findings highlight the positive impact of integrating Cialdini's principles of persuasion and cyber drill techniques, revealing a significant improvement in participants' phishing awareness, decision-making skills, and resistance to social engineering attempts. This research contributes to the field of cybersecurity by offering a practical and effective approach to mitigating the risks associated with phishing attacks, ultimately enhancing the overall cybersecurity posture of individuals and organizations. |
en_US |