Catch me if you can: Can we predict who will fall for phishing emails?

User-profiling is an interesting approach to countering phishing. In fact, the idea that user training might be implemented via tailored software somewhat resembles an approach to anti-malware that Jeff Debrosse and I discussed at Virus Bulletin a few years ago, in the paper "Malice Through the Looking Glass: Behaviour Analysis for the Next Decade".

When we talk about behaviour analysis in this sector of the industry we’re usually referring to examination of the way that a program behaves in order to assess how likely it is to be malicious. The idea we put forward was that another (supplementary) approach would be to analyse the behaviour of the PC user and use that analysis to flag risky behaviour and attempt some sort of remediation. We didn’t consider implementation details – Virus Bulletin doesn’t like you to go over 6,000 words! – but one approach in a corporate product would be to alert not only the user but also the system administrator, who might, for instance, recommend training. In a training tool, risky behaviour might be addressed by switching the subject to a different, more intensive module. I’d think that would be compatible with the future research envisaged by the authors of the paper.