
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | March 18, 2014 |
Latest Amendment Date: | June 16, 2015 |
Award Number: | 1359601 |
Award Instrument: | Standard Grant |
Program Manager: | Nina Amla, namla@nsf.gov, (703)292-7991, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | March 1, 2014 |
End Date: | February 28, 2017 (Estimated) |
Total Intended Award Amount: | $203,648.00 |
Total Awarded Amount to Date: | $219,648.00 |
Funds Obligated to Date: | FY 2015 = $16,000.00 |
History of Investigator: |
|
Recipient Sponsored Research Office: | 70 WASHINGTON SQ S NEW YORK NY US 10012-1019 (212)998-2121 |
Sponsor Congressional District: |
|
Primary Place of Performance: | NY US 11201-3840 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure & Trustworthy Cyberspace |
Primary Program Source: | 01001516DB NSF RESEARCH & RELATED ACTIVIT |
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
A safe and productive society increasingly depends on a safe and trustworthy cyberspace. However, extensive research has repeatedly shown that the human factor is often the weakest part in cyberspace, and that users of information systems are often exposed to great risks when they respond to credible-looking emails. Thus, spear phishing attacks - which attempt to get personal or confidential information from users through well-targeted deceptive emails - represent a particularly severe security threat.
Addressing this threat, in this project we use a combination of surveys and experiments to examine the psychological, educational and cultural factors that contribute to the users' vulnerability and response to spear phishing attacks, and their ability to detect deception. An important aspect of the project is an in vivo, multi-site setting: studies are conducted in university and commercial enterprise settings, as well as across different cultures - in all cases using realistic spear phishing email attacks. Using a three-dimensional experimental design, in this cross-disciplinary research project we (i) identify the underlying factors for the success of different spear phishing attack strategies; (ii) develop novel types of cyber-defenses that are tailored to users' idiosyncratic characteristics; (iii) validate the usefulness of personality-targeted defense in comparative, multi-organizational, real-world settings; and (iv) develop a new, collaborative avenue for cross-disciplinary research of social scientists and computer scientists.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
In this project, the research team studied the effects of the interaction between personality traits and other personal characteristics on the one hand, and spear-phishing attack strategies on the other, on users’ online security behavior. The team sought to identify the underlying factors for the success of spear-phishing attacks using different spear-phishing attack strategies, analyze the relationship between personality traits and susceptibility to phishing, and explore the utility of personality-targeted defense in in vivo, multi-organizational, real-world settings. As part of the project, the team developed a series of online experiments to address the project’s objectives. In one study, the team developed an experiment in which three different spear-phishing messages, reflecting different persuasion strategies, were sent to unsuspecting users whose responses to the messages were recorded. The team found that spear-phishing messages that evoked curiosity were the most successful in deceiving people compared to those that relied on greed or urgency. In another study, the team examined the effectiveness of the use of social engineering attacks for inducing users to reveal their SMS verification codes. Throughout the project, graduate and undergraduate students have been trained in interdisciplinary research on cyber-security. The findings resulting from these studies were reported in peer reviewed journals.
Last Modified: 04/16/2017
Modified by: Oded Nov