Elmer Lastdrager

Elmer Lastdrager is a PhD student at the Services, Cyber Security and Safety group at the University of Twente. He is currently working in the field of cybercrime science, focussing on the prevention of phishing attacks. Elmer Lastdrager received a Bachelor of Science in Computer Science (2009) and a Master of Science in Computer Security (2011) from the University of Twente. While finishing his PhD thesis, he works as a freelance information security consultant.

Contact Information

Phone: +31 85 303 42 49

Email: elmer (mail) lastdrager.com

PGP key: Download

PGP fingerprint: 479A 9A14 EF96 B639 492C   415D 9068 4E16 542D BBBE

Project: Social-Technical Research on Phishing (STROP)

Phishing is used by offenders to obtain credentials from unsuspecting users. Fake websites, fake emails and even phone-calls are used as a modus operandi. With these credentials, money is stolen, or services are used and billed to the victim’s account. Even though the share of malware attacks is rising, phishing attacks remain a commonly used method of fraud.

The aim of the project is to identify characteristics of victims of phishing attacks and characteristics of offenders, evaluate anti-phishing measures, and propose new methods of reducing the victimisation by offenders using the phishing modus operandi. Whereas currently most research uses either a technical approach (e.g. implement a new protocol) or a social approach (how likely are people to become a victim), this project intends to develop a combined socio-technical approach. This approach includes establishing a theoretical framework and putting phishing in the context of this framework.


Lastdrager, E.E.H. and Carvajal Gallardo, I. and Hartel, P.H. and Junger, M. (2017) How Effective is Anti-Phishing Training for Children?. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), 12-14 July 2017, Santa Clara, California, USA. USENIX Association. ** Distinguished paper award **

Lastdrager, E.E.H. and Hartel, P.H. and Junger, M. (2015) Apate: Anti-Phishing Analysing and Triaging Environment (Poster). In: 36th IEEE Symposium on Security and Privacy, 18-21 May 2015, San Jose, California, USA. IEEE Computer Society.

Lastdrager, E.E.H. (2014) Achieving a Consensual Definition of Phishing Based on a Systematic Review of the Literature. Crime Science, 3. 9:1-9:16. DOI 10.1186/s40163-014-0009-y. ISSN 2193-7680

Lastdrager, E.E.H. and Montoya Morales, A.L. and Hartel, P.H. and Junger, M. (2013) Applying the Lost-Letter Technique to Assess IT Risk Behaviour. In: Proceedings of the 3rd Workshop on Socio-Technical Aspects in Security and Trust, 29 Jun 2013, New Orleans, USA. pp. 2-9. IEEE Computer Society. DOI 10.1186/s40163-014-0009-y. ISBN 978-0-7695-5065-7

Lastdrager, E.E.H. (2011) Securing Patient Information in Medical Databases. Master’s thesis, University of Twente.

Lastdrager, E.E.H. and Pras, A. (2009) Consistency of Network Traffic Repositories: An Overview. In: Proceedings of the Third International Conference on Autonomous Infrastructure, Management and Security (AIMS 2009), 30 Jun - 02 Jul 2009, Enschede, The Netherlands. pp. 173-178. Lecture Notes in Computer Science 5637. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-02626-3

Lastdrager, E.E.H. and Pras, A. (2009) Consistency analysis of network traffic repositories. In: The Internet of the Future, 15th Open European Summer School and IFIP TC6.6 Workshop, EUNICE 2009, 7-9 Sep 2009, Barcelona, Spain. pp. 217-226. Lecture Notes in Computer Science 5733. Springer Verlag. ISSN 0302-9743 ISBN 978-3-642-03699-6