      Understanding Security Practitioners’ Experiences of Investigating Compromised Email Accounts

      Published proceedings article
      37th International BCS Human-Computer Interaction Conference (BCS HCI 24)
      The International BCS Human-Computer Interaction Conference in 2024 was supported by the BCS Interactions Special Interest Group and hosted by the University of Central Lancashire in Preston. The BCS HCI Conference welcomed submissions on all aspects of human-computer interaction. Topics included: user experience (UX), usability testing, interaction design (IxD), human-centred AI (HCAI), education, health, sustainability, the Internet of Things (IoT), interaction technologies, and emerging interactive applications.
      15–17 July 2024
      Cybersecurity Practitioners, Account Compromise, Incident Response
            July 2024: 136-145
            Affiliations
            [0001] Northumbria University, Newcastle upon Tyne, UK
            [0002] Abertay University, Dundee, UK
            Article
            10.14236/ewic/BCSHCI2024.13
            566969de-52ed-405b-a581-15e06c369dc3
            © Chitare et al. Published by BCS Learning and Development Ltd. Proceedings of BCS HCI 2024, UK

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            University of Central Lancashire (UCLan)
            Electronic Workshops in Computing (eWiC)

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/BCSHCI2024.13
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Applied computer science, Computer science, Security & Cryptology, Graphics & Multimedia design, General computer science, Human-computer-interaction
