Phishing emails have permeated our digital communication, taking advantage of vulnerabilities that the information technology system poses to users. Given the potential for further cybersecurity incidents, theft of personally identifiable information, and damage to organizations’ assets, cybersecurity professionals have implemented various mitigation practices to combat phishing emails. This paper categorizes current mitigation practices in relation to a sequential schema adopted from the situational crime prevention approach, so as to enable a more organized and strategic assessment of human and environmental vulnerabilities. Our model could be useful for cybersecurity professionals to further advance mitigation measures as an incident progresses and for criminologists and other academic researchers to reduce the severity of subsequent criminal incidents.

网络钓鱼电子邮件已经渗透到我们的数字通信中，利用信息技术系统给用户带来的漏洞。鉴于可能发生进一步的网络安全事件、个人身份信息被盗以及组织资产受损，网络安全专业人员已经实施了各种缓解措施来打击网络钓鱼电子邮件。本文根据情景犯罪预防方法中采用的顺序模式对当前的缓解措施进行了分类，以便能够对人类和环境脆弱性进行更有组织和战略性的评估。