TY - GEN
T1 - An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited
AU - Sharma, Tanusree
AU - Bashir, Masooda
N1 - Publisher Copyright:
© 2020, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
AB - Humans continue to be considered as the weakest link in securing systems. While there are a variety of sophisticated system attacks, phishing emails continue to be successful in gaining users’ attention and leading to disastrous security consequences. In designing strategies to protect users from fraudulent phishing emails, system designers need to know which attack approaches and types of content seem to exploit human limitations and vulnerabilities. In this study, we are focusing on the attackers’ footprints (emails) and examining the phishing email content and characteristics utilizing publicly available phishing attack repository databases. We analyzed several variables to gain a better understanding of the techniques and language used in these emails to capture users’ attention. Our findings reveal that the words primarily used in these emails are targeting users’ emotional tendencies and triggers to apply their attacks. In addition, attackers employ user-targeted words and subjects that exploit certain emotional triggers such as fear and anticipation. We believe our human-centered study and findings are a critical step forward towards improving detection and training programs to decrease phishing attacks and to promote the inclusion of human factors in securing systems.
UR - http://www.scopus.com/inward/record.url?scp=85088526327&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85088526327&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-52581-1_7
DO - 10.1007/978-3-030-52581-1_7
M3 - Conference contribution
AN - SCOPUS:85088526327
SN - 9783030525804
T3 - Advances in Intelligent Systems and Computing
SP - 49
EP - 55
BT - Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity
A2 - Corradini, Isabella
A2 - Nardelli, Enrico
A2 - Ahram, Tareq
PB - Springer
T2 - AHFE Virtual Conference on Human Factors in Cybersecurity, 2020
Y2 - 16 July 2020 through 20 July 2020
ER -