Phishing is a highly prevalent and effective form of cyber-attack where an adversary steals sensitive information by sending fraudulent emails that purport to be from a trustworthy source. Spear phishing, unlike general phishing, involves targeted and calculated intelligence collection and tailored baiting, making it more challenging to effectively prevent. In fact, training aimed at educating users about spear phishing has been rather ineffective. Promising methods include combining reporting, warning, and awareness tools, although the feasibility of such interventions heavily relies on an organisation’s culture and resources.
This Cybersecurity PhD project will focus on understanding and mitigating Business Email Compromise (BEC) spear phishing in organisations. While the majority of existing research focuses on identifying and preventing employees from clicking links or downloading attachments, this project will concentrate on an emerging and effective method of phishing which involves the collection of innocuous information from low-level employees with a view to launching a tailored attack on desirable people with special clearances (e.g. financial).
This PhD project aims to: (i) identify the most prevalent and effective techniques used for BEC spear phishing and intelligence gathering in organisations and (ii) develop tools and processes for supporting organisations and users in protecting against these threats.
Northumbria University has been recognised as an Academic Centre of Excellence in Cyber Security Research by the NCSC and EPSRC, and is home to one of the largest and most successful Human Computer Interaction groups in the world. The student will work with friendly colleagues across disciplines and will be based in the new state-of-the-art £7m Computer and Information Sciences building in Newcastle city centre.
Prospective candidates should have a background in computing, psychology, or related disciplines. Programming experience, or strong interest in learning to program, is highly desirable. Applicants will also ideally have an interest in usable security.
This project is supervised by Dr James Nicholson. The second supervisor will be Professor Lynne Coventry.
Please note the eligibility requirements:
• Academic excellence of the proposed student i.e. 2:1 (or equivalent GPA from non-UK universities [preference for 1st class honours]); or a Masters (preference for Merit or above); or APEL evidence of substantial practitioner achievement.
• Appropriate IELTS score, if required.
• Applicants cannot apply for this funding if currently engaged in Doctoral study at Northumbria or elsewhere.
For further details of how to apply, entry requirements and the application form, see https://www.northumbria.ac.uk/research/postgraduate-research-degrees/how-to-apply/
Please note: Applications that do not include a research proposal of approximately 1,000 words (not a copy of the advert), or that do not include the advert reference (e.g. RDF20/EE/CIS/NICHOLSON) will not be considered.
Deadline for applications: Friday 24 January 2020
Start Date: 1 October 2020
Northumbria University takes pride in, and values, the quality and diversity of our staff. We welcome applications from all members of the community. The University holds an Athena SWAN Bronze award in recognition of our commitment to improving employment practices for the advancement of gender equality.