University of Birmingham Featured PhD Programmes
Heriot-Watt University Featured PhD Programmes
King’s College London Featured PhD Programmes
Anglia Ruskin University Featured PhD Programmes
University of Manchester Featured PhD Programmes

Understanding and Protecting Against Spear Phishing in Organisations (Advert Reference: RDF19/EE/CIS/NICHOLSON)

  • Full or part time
  • Application Deadline
    Friday, January 25, 2019
  • Funded PhD Project (Students Worldwide)
    Funded PhD Project (Students Worldwide)

Project Description

Phishing is a highly prevalent form of social engineering where an attacker steals sensitive information by sending fraudulent emails that purport to be from a trustworthy source. Over time, phishing attacks have become both socially and contextually smarter, with the result that phishing continues to be a growing problem for organisations and individuals. In the best-case scenario, phishing results in lost productivity due to users deliberating over the authenticity of the email, but in the worst-case scenario individuals and businesses can suffer serious security, financial and/or reputation loss due to stolen credentials or leaked information.
Spear phishing, unlike general phishing, involves calculated intelligence collection and tailored baiting, making it more challenging to effectively target and prevent. In fact, training aimed at educating users about spear phishing has been rather ineffective. Promising methods include combining reporting, warning, and awareness tools, although the feasibility of such interventions heavily rely on the organisation’s culture and resources.

This PhD project will focus predominantly on understanding and mitigating spear phishing in organisations. While the majority of academic work focuses on identifying and preventing employees from clicking links or downloading attachments, this project will concentrate on an emerging and effective method of phishing which involves the collection of seemingly innocuous information from employees with the view of building a body of knowledge on the organisation and launching a high-stakes attack.
This PhD project has two aims: (i) to identify the most prevalent and effective techniques used for spear phishing and intelligence gathering in organisations and (ii) to develop tools and processes for supporting organisations and users in protecting against these threats.

Prospective candidates should have programming experience and ideally an interest in understanding the human aspects of security.
The principal supervisor for this project is James Nicholson.

Eligibility and How to Apply:

Please note eligibility requirement:

• Academic excellence of the proposed student i.e. 2:1 (or equivalent GPA from non-UK universities [preference for 1st class honours]); or a Masters (preference for Merit or above); or APEL evidence of substantial practitioner achievement.
• Appropriate IELTS score, if required.
• Applicants cannot apply for this funding if currently engaged in Doctoral study at Northumbria or elsewhere.

For further details of how to apply, entry requirements and the application form, see

Please note: Applications that do not include a research proposal of approximately 1,000 words (not a copy of the advert), or that do not include the advert reference (e.g. RDF19/EE/CIS/NICHOLSON) will not be considered.

Deadline for applications: Friday 25 January 2019
Start Date: 1 October 2019

Northumbria University is an equal opportunities provider and in welcoming applications for studentships from all sectors of the community we strongly encourage applications from women and under-represented groups.

Funding Notes

The studentship is available to Students Worldwide, and covers full fees and a full stipend, paid for three years at RCUK rates (for 2018/19, this is £14,777 pa).


Nicholson, J., Coventry, L., & Briggs, P. (2017). Can we fight social engineering attacks by social means? Assessing social salience as a means to improve phish detection. In Symposium on Usable Privacy and Security (SOUPS).

Email Now

Insert previous message below for editing? 
You haven’t included a message. Providing a specific message means universities will take your enquiry more seriously and helps them provide the information you need.
Why not add a message here
* required field
Send a copy to me for my own records.

Your enquiry has been emailed successfully

FindAPhD. Copyright 2005-2019
All rights reserved.