Analysing Persuasion Principles in Phishing Emails

2014 
As the barrier to abuse system vulnerabilities has been raised significantly with time, attacking users’ psyche has rapidly become a more efficient and effective alternative. The usage of email as an electronic means of communication has been exploited by phishers to deliver their attacks. The success of a phishing attack through distributed emails is determined by the response from the unsuspecting victims. Although persuasion can be used as a tool for a good reason, it can also be used for a malicious reason by phishers to get a positive response from an intended victim in phishing emails. To protect users from phishing attacks on the email level, system designers and security professionals need to understand how phishers use persuasion techniques in phishing emails. In this thesis, we present an analysis of persuasion techniques in phishing emails. Our research is aimed at understanding the characteristics of phishing emails, by considering persuasion techniques in the real world analysis. We have conducted a quantitative analysis on our dataset that consists of reported phishing emails between August 2013 and December 2013. The findings are mainly observed from three different viewpoints: general structural properties; persuasion principles characteristics; and their relationships. We have found that financial institutions are the most common target with high number of occurrences in our dataset. Three important findings of our research are that: (1) authority is the most popular persuasion technique regardless of the target and the reason used; (2) depending on the target types and the reason types, the next most popular persuasion principles are scarcity, consistency, and likeability; and (3) scarcity principle has a high involvement with administrator target type and account-related concerns.
    • Correction
    • Source
    • Cite
    • Save
    • Machine Reading By IdeaReader
    20
    References
    15
    Citations
    NaN
    KQI
    []