magistrsko delo
Alex Crgol (Author), Simon Vrhovec (Mentor)

Abstract

V sodobnih organizacijah se uporabniki na vseh ravneh pogosto zanašajo na digitalno komunikacijo, kot je elektronska pošta, da bi izpolnili svoje delovne naloge. Posledično je ribarjenje preko elektronske pošte postalo ena najpogostejših groženj informacijske varnosti. Da bi se lahko zaščitili pred to grožnjo, številne organizacije vlagajo velik delež svojih sredstev v varnost in usposabljanje uporabnikov. Toda izobraževanja na temo zlonamerne elektronske pošte niso enako uspešna. Za našo raziskavo smo med študenti UM FVV v študijskem letu 2021/2022 naredili eksperiment, v katerem smo izvedli kampanje ciljanega ribarjenje preko elektronske pošte. V sodelovanju s Fakulteto za varnostne vede in Študentskim svetom Fakultete za varnostne vede smo v prvi fazi raziskave polovici naključno izbranih študentov UM FVV poslali anketne vprašalnike, kjer so morali na dejanskih primerih prepoznati, ali gre za ribarjenja preko elektronske pošte ali ne. Študenti so bili v tej fazi razdeljeni v 4 naključne skupine; vsaka skupina je prejela 4 fotografije primerov elektronske pošte. S pomočjo statističnih testov nam je uspelo opaziti določene statistično značilne razlike med skupinami, vendar nam ni uspelo natančno določiti jasne ločnice med skupinami glede na njihovo težavnost. V drugi fazi in četrti fazi raziskave smo študentom UM FVV poslali prilagojena sporočila ribarjenja preko elektronske pošte in spremljali njihovo dovzetnost za tovrstne napade. Študenti so v določenem časovnem obdobju prejeli dve sporočili ribarjenja. Obe sporočili sta bili zastavljeni tako, da sta bili težavnostno enakovredni, čeprav smo opazili, da je bilo drugo sporočilo za študente bistveno težje od prvega. Glavni namen te študije je bil ugotoviti, ali obstaja povezava med rezultati ankete (njihovim znanjem) in rezultati testiranja ribarjenja preko elektronske pošte med študenti (njihovim odzivom). Tretja faza raziskave je vključevala izobraževanje, ki se je izvajalo med prvo in drugo kampanjo ribarjenja. Tukaj so bili vsi sodelujoči študenti razdeljeni v dve izobraževalni skupini ter v eno kontrolno skupino, ki ni bila deležna nobenega izobraževanja. Prva izobraževalna skupina je imela izobraževanje s slikovnim gradivom, druga izobraževalna skupina pa je imela izobraževanje s povezavo do interaktivnega kviza o ribarjenju preko elektronske pošte. Na podlagi vseh pridobljenih rezultatov smo ugotovili, da so bili študenti, ki so se izobraževali s slikovnim gradivom, deležni najslabših rezultatov, kar v praksi pomeni, da so se na ribarjenje preko elektronske pošte odzvali slabše kot pred izobraževanjem. Pri študentih, ki so se izobraževali s povezavo, pa nismo zaznali statistično značilnih povezav med izobraževanjem in dejanskim odzivom na ribarjenje, zato tukaj nismo mogli oceniti, ali je ta način izobraževanja bil učinkovit. Na splošno v sklopu raziskave nismo odkrili učinkovite metode izobraževanja za študente, ki bi pripomogla k izboljšanju prepoznave ribarjenja preko elektronske pošte.

Keywords

informacijska varnost;ribarjenje;magistrska dela;

Data

Language: Slovenian
Year of publishing:
Typology: 2.09 - Master's Thesis
Organization: UM FVV - Faculty of Criminal Justice
Publisher: [A. Crgol]
UDC: 004.056(043.2)
COBISS: 151425795 Link will open in a new window
Views: 34
Downloads: 5
Average score: 0 (0 votes)
Metadata: JSON JSON-RDF JSON-LD TURTLE N-TRIPLES XML RDFA MICRODATA DC-XML DC-RDF RDF

Other data

Secondary language: English
Secondary title: Recognition of phishing emails among students
Secondary abstract: In modern organizations, users at all levels often rely on digital communication, such as email, to complete their work tasks. As a result, phishing emails have become one of the most common threats to information security. To protect against this threat, many organizations invest a large proportion of their resources in security and user training. However, education on the topic of malicious e-mail is not equally successful. For our research, we experimented with the students of the UM FVV in the academic year 2021/2022 in which we carried out targeted fishing campaigns via e-mail. In cooperation with the Faculty of Criminal Justice and Security and the Student Council of the Faculty of Criminal Justice and Security, in the first phase of the research, we sent questionnaires to half of the randomly selected students of UM FVV in which they had to identify, based on actual cases (photos), whether it was phishing or not. At this stage, the students were divided into 4 random groups and each group received 4 photos of email examples. With the help of statistical tests, we were able to observe certain statistically significant differences between the group, but we were not able to clearly define a clear dividing line between the groups according to their difficulty. In the second and fourth phases of the research, we sent customized phishing messages to FVV UM students via e-mail and monitored their susceptibility to such attacks. Students received two phishing messages in a certain period. Both messages were set to be of equal difficulty although we noticed that the second message was significantly more difficult for the students than the first. The main purpose of this study was to determine whether there is a connection between the results of the survey (their knowledge) and the results of the email phishing test among college students (their responses). The third phase of the research included education which was carried out during the first and second phishing campaigns. Here, all participating students were divided into two educational groups and one control group which did not receive any education. The first training group included education with photo material, and the second training group included education with a link to an interactive phishing quiz via e-mail. Based on all the obtained results, we found that the students who were educated with visual material received the worst results, which in practice means that they reacted worse to phishing via e-mail than before the education. In the case of students who were educated with a connection, we did not detect statistically significant connections between the education and the actual response to phishing. Therefore, we could not assess here whether this method of education was effective. In general, as part of the research, we did not discover an effective method of education for students that would help to improve the recognition of phishing via e-mail.
Secondary keywords: Phishing prevare;Elektronska pošta;Varstvo podatkov (računalništvo);Univerzitetna in visokošolska dela;
Type (COBISS): Master's thesis/paper
Thesis comment: Univ. v Mariboru, Fak. za varnostne vede, Ljubljana
Pages: X f., [66] str.
ID: 18852011
Recommended works:
, magistrsko delo
, diplomsko delo visokošolskega študijskega programa Informacijska varnost
, magistrsko delo