Abstract
ABSTRACT While phishing has evolved over the years, it still exploits one of the weakest links in any information system — humans. The present study aims at describing who the potential phishing victims are. We constructed two types of phishing messages that represented two basic categories of phishing e-mails: regular and spear-phishing. In cooperation with the IT management of a municipality in the southwestern region of the United States, we sent these messages to the municipality’s employees and collected demographic data about individuals employed by the organization. We then applied eight supervised learning methods to classify the municipality’s employees into two groups: phished and not-phished. Our results indicate that spear-phishing yields a significantly higher response rate than regular phishing and that some machine learning methods yield high classification accuracy in predicting phishing victims. We finally provide discussion of the results as well as the future implications.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
