
Understanding and Protecting Against Spear Phishing in Organisations (Advert Reference: RDF19/EE/CIS/NICHOLSON)

This project is no longer listed on and may not be available.

  • Full or part time
    Dr J Nicholson
  • Application Deadline
    No more applications being accepted
  • Funded PhD Project (Students Worldwide)

Project Description

Phishing is a highly prevalent form of social engineering where an attacker steals sensitive information by sending fraudulent emails that purport to be from a trustworthy source. Over time, phishing attacks have become both socially and contextually smarter, with the result that phishing continues to be a growing problem for organisations and individuals. In the best-case scenario, phishing results in lost productivity due to users deliberating over the authenticity of the email, but in the worst-case scenario individuals and businesses can suffer serious security, financial and/or reputation loss due to stolen credentials or leaked information.
Spear phishing, unlike general phishing, involves calculated intelligence collection and tailored baiting, making it more challenging to effectively target and prevent. In fact, training aimed at educating users about spear phishing has been rather ineffective. Promising methods include combining reporting, warning, and awareness tools, although the feasibility of such interventions relies heavily on the organisation’s culture and resources.

This PhD project will focus predominantly on understanding and mitigating spear phishing in organisations. While the majority of academic work focuses on identifying and preventing employees from clicking links or downloading attachments, this project will concentrate on an emerging and effective method of phishing which involves the collection of seemingly innocuous information from employees with a view to building a body of knowledge on the organisation and launching a high-stakes attack.
This PhD project has two aims: (i) to identify the most prevalent and effective techniques used for spear phishing and intelligence gathering in organisations and (ii) to develop tools and processes for supporting organisations and users in protecting against these threats.

Prospective candidates should have programming experience and ideally an interest in understanding the human aspects of security.
The principal supervisor for this project is James Nicholson.

Eligibility and How to Apply:

Please note eligibility requirement:

• Academic excellence of the proposed student i.e. 2:1 (or equivalent GPA from non-UK universities [preference for 1st class honours]); or a Masters (preference for Merit or above); or APEL evidence of substantial practitioner achievement.
• Appropriate IELTS score, if required.
• Applicants cannot apply for this funding if currently engaged in Doctoral study at Northumbria or elsewhere.

For further details of how to apply, entry requirements and the application form, see

Please note: Applications that do not include a research proposal of approximately 1,000 words (not a copy of the advert), or that do not include the advert reference (e.g. RDF19/EE/CIS/NICHOLSON) will not be considered.

Deadline for applications: Friday 25 January 2019
Start Date: 1 October 2019

Northumbria University is an equal opportunities provider and in welcoming applications for studentships from all sectors of the community we strongly encourage applications from women and under-represented groups.

Funding Notes

The studentship is available to Students Worldwide, and covers full fees and a full stipend, paid for three years at RCUK rates (for 2018/19, this is £14,777 pa).


Nicholson, J., Coventry, L., & Briggs, P. (2017). Can we fight social engineering attacks by social means? Assessing social salience as a means to improve phish detection. In Symposium on Usable Privacy and Security (SOUPS).
