Phishing in Large Organizations


Daniele Lain (ETH)
Kari Kostiainen (ETH)
Prof. Srdjan Capkun (ETH)

Industry partner

Die Post


Phishing emails are deceptive messages made for data stealing and malware propagation. In this type of attack, miscreants pose as legitimate organizations (e.g., banks and financial institutions, delivery companies, shopping websites), and send emails crafted to look like the impersonated organization’s. These emails try to solicit a sense of urgency by prompting users to act swiftly, such as changing compromised passwords. Links in these emails lead to deceptive websites that often include login pages to try and trick the user into submitting their credentials. Other means for the attack can be opening malicious attachments or drive-by downloads of malware.

Phishing is a real threat to corporations: employees falling for phishing and revealing corporate credentials can be the first step for further attacks and data breaches. Phishing leads to significant economic losses: estimates put the yearly cost of phishing attacks in the order of millions of dollars for companies that fall victim. For this reason, it is of paramount importance to understand the most effective ways to protect users from phishing attacks.

In this project, in partnership with the Swiss Post, we aim to understand phishing in large organizations from the point of view of employees and IT departments. On employees, our measurements are improving how phishing training is delivered and understood, and we are developing novel user interfaces to help people spot potential attacks. On IT departments and defenders, we are analyzing novel countermeasures to deploy in organizations for early detection of phishing attacks.