Comparative Simulation of Phishing Attacks on a Critical Information Infrastructure Organization: An Empirical Study

Authors: Sirawongphatsara, Patsita; Pornpongtechavanich, Phisit; Phanthuna, Nattapong; Daengsi, Therdpong
Year of publication: 2024
Subject:
Document type: Working Paper
Description: Nowadays, cybersecurity is crucial. Therefore, cybersecurity awareness should be a concern for businesses, particularly critical infrastructure organizations. The results of this study, using simulated phishing attacks, indicate that in the first attempt, workers of a Thai railway firm received a phony email purporting to inform recipients of a special deal from a reputable retailer of IT equipment. The findings showed that 10.9% of the 735 workers fell for the scam. This demonstrates a good level of awareness regarding cyber dangers. The workers who were duped by the initial attack received awareness training. Next, a second attempt was carried out. This time, the strategy was for the workers to change their passwords through an email notification from the fake IT staff. According to the findings, 1.4% of the workers fell victim to both attacks (different email content), and a further 8.0% of the workers who did not fall victim to the first attack were deceived. Furthermore, after the statistical analysis, it was confirmed that there is a difference in the relationship between the workers and the two phishing attack simulations using different content. As a result, this study has demonstrated that different types of content can affect levels of awareness.
Comment: 9 pages with 6 figures
Database: arXiv