Phishing: An economic analysis of cybercrime perpetrators

Cybercrime, one of the most important security topics, will continue to emerge as a more critical security threat within the next years. Among the different attacks, phishing is of special interest because of its negative impact for the economy. In this paper, we develop a simulation study based on the work of Fultz and Grossklags. To extend their analysis of cybercrime by an economic view, we customized their model and used it as basis for our analysis. Based on the data from recent literature, our assessment gives insights into the perpetrator's behavior and allows us to quantify the effectiveness of countermeasures. Due to the fact that mainly risk-seeking persons are responsible for these attacks, countermeasures aiming at increasing the penalties are not very effective. We discovered that better control of dark markets to prevent the trading of stolen data has a much higher impact. In general, results of our simulation can be used to analyze the perpetrator's economic motives and to establish a basis for effective countermeasures. (C) 2016 Elsevier Ltd. All rights reserved.