Abstract
Phishing attacks are common social engineering cyber attacks in which threat actors masquerade as reputable entities to mislead recipients into performing specific actions, such as revealing financial information or system login credentials, or installing malware. Grasping the phishing attack process is crucial to preventing and counteracting this type of scam. Although useful, current conceptual models describing phishing attacks do not provide an unambiguous characterization to support human understanding, communication, and computational tasks: they are informal drawings, diagrams, data models, or schemata of application-focused RDF/OWL ontologies. Instead, we approach the problem by leveraging the Unified Foundational Ontology (UFO) and the OntoUML modeling language to propose a Phishing Attack Process Ontology (PAPO), making its ontological commitments explicit. We show that this ontological model supports risk identification according to ISO 31000 and satisfies important quality requirements, including domain adequacy, transparency, logical and ontological coherence, and generality, as well as the FAIR principles. By providing ontological foundations for the investigation of and fight against phishing attacks, PAPO paves the way for rigorous representation of corresponding real-world scenarios and for enhanced applications, such as systems interoperability, data modeling, knowledge-based systems, discrete event simulations, design of phishing detection systems, and evaluation of security mechanisms’ effectiveness.