
End-to-end mapping of a spear-phishing attack on Higher Education Institution in EU
Author(s) - Kurt Gammelgaard Nielsen, Helle Betina Kristensen
Publication year - 2021
Publication title - EPiC Series in Computing
Language(s) - English
Resource type - Conference proceedings
ISSN - 2398-7340
DOI - 10.29007/53wk
Subject(s) - phishing, computer science, computer security, spear, vulnerability (computing), internet privacy, world wide web, the internet, history, archaeology
Spear-phishing is a growing threat to the education sector. This analysis maps a specific attacker and demonstrates a 15% likelihood of being attacked by this attacker. The analysis uses open source intelligence tools to reveal a continued pattern in which the actor reuses infrastructure and procedures against several HEIs in Europe. For a spear-phishing attack to succeed, it has to be able to lure the end user. This study includes a user vulnerability assessment of the specific spear-phishing attacks, used in two comparable studies consisting of 36,851 respondents from two educational institutions. The studies show that without prior training, the concrete spear-phishing attack will lure 20 to 49% of all users. To investigate the high risk this attack poses to end users, an eye-tracking study was conducted. The study shows that respondents generally spend more time viewing phishing indicators than one would expect by chance, but there seems to be no correlation between viewing indicators and being lured to action. End users seem to rate the trustworthiness of mails by an overall reading. As a consequence, end users are easily lured by the attacker because of the trustworthiness of the specific spear-phishing mail.