C4I & Cyber Seminar: An Experimental Study of Susceptibility to Phishing at George Mason University

Presentation: Kathryn Laskey, Ph.D

Phishing emails have become a major attack vector that can result in loss of confidential information by users and organizations. Research on factors that affect people’s susceptibility to phishing is an essential step in improving cybersecurity awareness and designing protective strategies. This talk describes a study of phishing susceptibility conducted at George Mason University in Fall 2018. This simulated phishing experiment targeted 6,938 faculty and staff at George Mason University. Three different simulated phishing emails were distributed over a period of three weeks. Each user received all three phishing emails, one each week, each on a different day of the week. People who clicked on the link were taken to a randomly chosen landing page. Data on clicking behavior was cross-referenced human resources data. Confidentiality was ensured by de-identifying data prior to analysis and aggregating to ensure that no individual user could be identified. This talk presents initial results and analysis of effects on click behavior of demographic factors, email content, and landing page. We conclude by discussing implications for counter-phishing policy.

Kathryn Blackmond Laskey is Professor of Systems Engineering and Operations Research and Associate Director of the C4I and Cyber Center at George Mason University. She teaches and performs research on multi-source information fusion, decision theoretic knowledge representation and reasoning methodology, data analytics, and decision support. She has worked in diverse application areas, including modeling the emplacement of improvised explosive devices, detecting insider threats, predicting aircraft delays, managing terrorist risk at public facilities, and planning military engagements. She serves on the Board of the International Society of Information Fusion and the Washington Metropolitan Area chapter of INCOSE. She is past board chair of the Association for Uncertainty in Arti-ficial Intelligence.

2:00 pm - 3:00 pm

C4I Center ENGR 4705