A framework to evaluate the phishing exposure in a corporate environment

Bibliographic Details
Main Author: Rugeiro, Paulo Alexandre Souza
Publication Date: 2023
Format: Master thesis
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: http://hdl.handle.net/10451/62836
Summary: Master's Project Work, Information Security, 2024, Universidade de Lisboa, Faculdade de Ciências
id RCAP_8c14e21dec4b1415acf76fe15d940aa3
oai_identifier_str oai:repositorio.ulisboa.pt:10451/62836
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
Abstract: Over the years phishing has evolved. While the most classic approach consists of creating a single email and sending it to as many people as possible, hoping that someone will be tricked into carrying out the operation that the attacker intends, the more targeted approach (spear-phishing) consists of previously studying the environment and possible victims in order to personalise attacks for each one of the victims. In addition to this more targeted technique, attackers have also used new approaches such as smishing (text messages). Every human is vulnerable to these attacks, since we are all born with “human vulnerabilities”: they are associated with something that we all have, namely brain, thought and subconscious. Attackers use Principles of Persuasion in Social Engineering to make victims act in an emotional and instinctive way, so that they are tricked into carrying out an unwanted operation. During this study, a framework was proposed consisting of six open-source elements/tools that allowed campaigns to be planned, designed and carried out. Additionally, the possibility of integrating a tool that allows sending text messages (Twilio) into the proposed framework was studied, thus adding the functionality of carrying out smishing campaign simulations while taking advantage of all the other features that the framework already has. To this end, the base programming code of the tool chosen for creating the campaigns (Gophish) was modified to allow the insertion of new data, the victims’ mobile phone number, and a script was created in the Python programming language that collects the information of victims from the Gophish tool, then constructs and sends the text message, all via the APIs of both mentioned tools. It should be noted that this integration was merely experimental and no simulation was carried out in the client’s business environment.
dc.contributor.none.fl_str_mv Calha, Mário João Barata
Repositório da Universidade de Lisboa
dc.contributor.author.fl_str_mv Rugeiro, Paulo Alexandre Souza
dc.subject.por.fl_str_mv Phishing
Spear-phishing
Smishing
Social engineering
Principles of Persuasion in Social Engineering
Master's theses - 2024
Domain/Scientific Area::Engineering and Technology::Electrical, Electronic and Computer Engineering
publishDate 2023
dc.date.none.fl_str_mv 2023
2024-02-22T15:37:01Z
2024
2024-01-01T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10451/62836
dc.language.iso.fl_str_mv eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833601761865105408