Targeted Attacks 2017 (TA’17)

A workshop held in conjunction with Financial Crypto and Data Security 2017
April 7, 2017
The Palace Hotel

Program Chair                      Markus Jakobsson


09:00 – 09:05  Welcome – Markus Jakobsson
09:05 – 10:00  Invited Talk: Social Engineering the Social Engineer – John Wilson
10:00 – 10:30  X-Platform Phishing Abusing Trust for Targeted Attacks – Hossein Siadati, Toan Nguyen and Nasir Memon
10:30 – 11:00  Break
11:00 – 11:30  What to Phish in a Subject? – Ana Ferreira and Rui Chilro
11:30 – 12:00  Unpacking Spear Phishing Susceptibility – Zinaida Benenson, Freya Gassmann and Robert Landwirth


A targeted attack is one in which contextual information about the intended victim is used to configure the attack; for example, a spear phishing attack is targeted, while a typical spam blast is not. Targeting is performed in order to maximize yield and minimize detection. Being able to assess the yield of attacks enables efforts to predict likely growth of these attacks, as soaring profits fuel more attacks. Similarly, it is important to understand how targeted attacks avoid detection in order to improve detection methods.

It is commonly believed that targeted attacks are enabled by data from account compromises, breaches, and public resources, but the risk associated with various types of data is poorly understood. It is also important to better understand new methods or communication media used for targeted attacks, and how attackers tailor targeted attacks to the media and to their goals – whether this is to distribute malware, obtain data, or coerce a user to perform an action.

The goal of the workshop is to bring together security researchers, practitioners and policy-makers to identify upcoming threats and discuss countermeasures.