Prevention and mitigation measures against phishing emails: a sequential schema model

Abstract

Phishing emails have permeated our digital communication, taking advantage of vulnerabilities that the information technology system poses to users. Given the potential for further cybersecurity incidents, theft of personally identifiable information, and damage to organizations’ assets, cybersecurity professionals have implemented various mitigation practices to combat phishing emails. This paper categorizes current mitigation practices in relation to a sequential schema adopted from the situational crime prevention approach, so as to enable a more organized and strategic assessment of human and environmental vulnerabilities. Our model could be useful for cybersecurity professionals to further advance mitigation measures as an incident progresses and for criminologists and other academic researchers to reduce the severity of subsequent criminal incidents.