Cognitive Triaging of Phishing Attacks
This addresses phishing attack prioritization for anti-phishing teams in financial organizations, but it is incremental as it applies existing methods to a specific domain.
The paper tackled the problem of predicting phishing attack success by using cognitive vulnerability triggers in emails, and the result was an automated triaging mechanism that helps prioritize remediation efforts based on likely high response rates.
In this paper we employ quantitative measurements of cognitive vulnerability triggers in phishing emails to predict the degree of success of an attack. To achieve this we rely on the cognitive psychology literature and develop an automated and fully quantitative method based on machine learning and econometrics to construct a triaging mechanism built around the cognitive features of a phishing email; we showcase our approach relying on data from the anti-phishing division of a large financial organization in Europe. Our evaluation shows empirically that an effective triaging mechanism for phishing success can be put in place by response teams to effectively prioritize remediation efforts (e.g. domain takedowns), by first acting on those attacks that are more likely to collect high response rates from potential victims.