Authors: Kennedy Njenga, Dinko Magaoga
Email plays an important role in the corporate environment and is fast becoming the de facto mode of communication in today’s world of business. There are special mailing systems that manage vast amounts of routing and rerouting of employees’ emails. An information security concern for these systems is that email recipients are targets of sophisticated spear-phishing attacks, which have led to organizational disruptions and resultant privacy breaches. In this work, we propose a framework that envisages using a big database and applying honey tokens to mitigate spear-phishing threats. The proposed framework is presented and explained in the form of two suggested experiments that describe the creation and implementation of honey tokens. A way of eliciting and analyzing the payload of a honey token from aggregated data is suggested. The work concludes by discussing the technical, social and legal implications that honey token implementation may have on the broader organizational information security strategy and roadmap.
Keywords: Email; Mailing lists; Information Security; Honey tokens; Spear Phishing