Author(s)

BETTINA ISER, ROMAN BRANDTWEINER

Abstract

Phishing still represents a main security threat in the digital world. Attackers primarily by means of email try to gain access to user’s sensitive personal credentials. By using these credentials, attackers cause disasters on the individual level by inflicting, for example, severe economic losses or reputational damage due to identity theft. Awareness is one important factor to increase resilience. This paper based on recent literature first gives a general overview on social engineering as mean for phishing and then evaluates how awareness as preventive measure is considered effective in the selected literature. Information on phishing is one measure to raise awareness, others are trainings and phishing test campaigns to evaluate risk exposure and increase awareness. With regards on information sharing a case study, focusing on portals and homepages of selected Austrian financial institutions was conducted. In this case, study we emphasis on content and eventual differences in the presentation of information concerning prevention and mitigation.

Keywords

disaster prevention and mitigation, social engineering, phishing, risk awareness, security management