Thesis details
Psychology of Phishing Attacks During Crises: The Case of Covid-19 Pandemic
Thesis title in Czech: Psychologie phishingových útoků během krizí: Případ pandemie COVID-19
Thesis title in English: Psychology of Phishing Attacks During Crises: The Case of Covid-19 Pandemic
Key words: COVID-19, phishing, social engineering, psychology, persuasion, crises, pandemic, impersonation, pretexting
Academic year of topic announcement: 2019/2020
Thesis type: diploma thesis
Thesis language: English
Department: Department of Security Studies (23-KBS)
Supervisor: David Erkomaishvili, Ph.D.
Author: hidden - assigned by the advisor
Date of registration: 03.01.2021
Date of assignment: 03.01.2021
Date and time of defence: 22.09.2021 08:00
Venue of defence: Pekařská 16, JPEK312, 312, Malá učebna, 3rd floor
Date of electronic submission: 27.07.2021
Date of proceeded defence: 22.09.2021
Opponents: Mgr. Petr Špelda, Ph.D.
 
 
 
Preliminary scope of work in English
Events and circumstances that accompany crises, such as the loss of loved ones, loss of material resources, dislocation, or physical harm, have an overall negative impact on people's mental health. It is this impaired state that makes a person vulnerable to manipulation by social engineers who want to take advantage of it in order to enrich themselves. This was also the case in the COVID-19 pandemic, an unprecedented crisis in modern history, during which phishing and fraud campaigns rapidly increased as people were forced to stay safe at home and spent most of the day online. This work analyzes the psychological strategies of cybercriminals on a sample of more than 200 phishing e-mails in order to understand how the situation was abused and what can be learnt to prevent it in the future. It also provides theoretical and research frameworks for researchers, who can apply them to other types of crises as well. The results contribute to the fields of psychology, cybercrime, and crisis management.
 
Charles University | Information system of Charles University | http://www.cuni.cz/UKEN-329.html