“It may take ages”: Understanding Human-Centred Lateral Phishing Attack Detection in Organisations

Neeranjan Chitare*, Lynne Coventry, James Nicholson

*Corresponding author for this work

Research output: Contribution to conferencePaperpeer-review

27 Downloads (Pure)


Lateral phishing attacks can be devastating for users and organisational IT teams as these originate from legitimate, but compromised, email accounts that benefit from the implicit trust between sender and recipients. In this paper, we begin to explore the human-centred space of lateral phishing attacks through interviews with 5 security practitioners and 17 employees from the UK and India. We report how security practitioners predominantly rely on employees to alert them to compromised accounts, and how this can create a delay during which the attack can continue. Our interviews with employees, on the other hand, found that individuals may not be reliable; they struggled to detect slight changes to messages, and over-relied on markers that cannot identify lateral attacks. We discuss the symbiotic relationship between security practitioners and employees for combatting lateral phishing attacks within organisations, and present recommendations for improving resistance to these attacks.
Original languageEnglish
Number of pages25
Publication statusAccepted/In press - 15 Aug 2023
EventEuroUSEC 2023: The 2023 European Symposium on Usable Security - Copenhagen, Denmark
Duration: 16 Oct 202317 Oct 2023


ConferenceEuroUSEC 2023
Internet address

Cite this