Techniques for assisting users in making security decisions

We are witnessing an arms race between attackers and security experts in today's Internet. Attackers hide their intentions and mimic legitimate behaviour to evade detection. Prominent attacks target end-users' systems with a wide range of goals, such as monetary, financial, political, espionage, dest...

Bibliographic Details
Published:
Online Access: http://hdl.handle.net/2047/D20253675
id ndltd-NEU--neu-cj82qd78k
record_format oai_dc
collection NDLTD
sources NDLTD
description We are witnessing an arms race between attackers and security experts in today's Internet. Attackers hide their intentions and mimic legitimate behaviour to evade detection. Prominent attacks target end-users' systems with a wide range of goals, such as monetary, financial, political, espionage, destructive. In this thesis, I examined two well-known instances of these attacks. One of these attacks is the widespread use of trick banners that use social engineering techniques to lure victims into clicking on deceptive fake links and potentially leading to a malicious domain or malware. Other examined approaches involve e-mail attacks, such as spearphishing and e-mail attachment attacks. By impersonating trusted e-mail senders through carefully crafted messages and spoofed metadata, adversaries can trick victims into launching attachments containing malicious code or into clicking on malicious links that grant attackers a foothold into otherwise well-protected networks. Unfortunately, current mitigations are unreliable and rely on fallible malware detection techniques or user education.
title Techniques for assisting users in making security decisions
publishDate
url http://hdl.handle.net/2047/D20253675
_version_ 1719407401714581504