On identifying phishing emails: Uncertainty in machine and human judgment

A phishing email is an email in which the sender is engaged in social engineering for the purpose of eliciting private data from the recipient. It is estimated that the loss due to phishing in 2012 was over $1.5 billion. The recommended defense against phishing attacks is to educate a user how not to fall for them. Such campaigns are not the most effective solution, and software systems has been created to identify phishing emails. By and large, these systems are crisp. In this paper, we will report on human perception in identifying phishing emails and apply the fuzzy analysis to the experiment results in order to show that a fuzzy system is much more appropriate for dealing with identification of such emails. We will also demonstrate the system's acceptability to a human user.