Falling for Phishing: An Empirical Investigation into People's Email Response Behaviors

• URL: http://arxiv.org/abs/2108.04766v2
• Date: Thu, 7 Oct 2021 01:38:14 GMT
• Title: Falling for Phishing: An Empirical Investigation into People's Email Response Behaviors
• Authors: Asangi Jayatilaka and Nalin Asanka Gamagedara Arachchilage and Muhammad Ali Babar
• Abstract summary: Despite sophisticated phishing email detection systems, humans continue to be tricked by phishing emails. We have carried out an empirical study to investigate people's thought processes when reading their emails. We identify eleven factors that influence people's response decisions to both phishing and legitimate emails.
• Score: 10.841507821036458
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Despite sophisticated phishing email detection systems, and training and awareness programs, humans continue to be tricked by phishing emails. In an attempt to better understand why phishing email attacks still work and how best to mitigate them, we have carried out an empirical study to investigate people's thought processes when reading their emails. We used a scenario-based role-play "think aloud" method and follow-up interviews to collect data from 19 participants. The experiment was conducted using a simulated web email client, and real phishing and legitimate emails adapted to the given scenario. The analysis of the collected data has enabled us to identify eleven factors that influence people's response decisions to both phishing and legitimate emails. Furthermore, based on the user study findings, we discuss novel insights into flaws in the general email decision-making behaviors that could make people susceptible to phishing attacks.

Related papers

• Eyes on the Phish(er): Towards Understanding Users' Email Processing Pattern and Mental Models in Phishing Detection [0.4543820534430522]
  This study examines how workload affects susceptibility to phishing. We use eye-tracking technology to observe participants' reading patterns and interactions with phishing emails. Our results provide concrete evidence that attention to the email sender can reduce phishing susceptibility.
  arXiv  Detail & Related papers  (2024-09-12T02:57:49Z)
• Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
  We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords. Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
  arXiv  Detail & Related papers  (2024-05-24T07:51:15Z)
• Evaluating the Efficacy of Large Language Models in Identifying Phishing Attempts [2.6012482282204004]
  Phishing, a prevalent cybercrime tactic for decades, remains a significant threat in today's digital world. This paper aims to analyze the effectiveness of 15 Large Language Models (LLMs) in detecting phishing attempts.
  arXiv  Detail & Related papers  (2024-04-23T19:55:18Z)
• ChatSpamDetector: Leveraging Large Language Models for Effective Phishing Email Detection [2.3999111269325266]
  This study introduces ChatSpamDetector, a system that uses large language models (LLMs) to detect phishing emails. By converting email data into a prompt suitable for LLM analysis, the system provides a highly accurate determination of whether an email is phishing or not. We conducted an evaluation using a comprehensive phishing email dataset and compared our system to several LLMs and baseline systems.
  arXiv  Detail & Related papers  (2024-02-28T06:28:15Z)
• Prompted Contextual Vectors for Spear-Phishing Detection [45.07804966535239]
  Spear-phishing attacks present a significant security challenge. We propose a detection approach based on a novel document vectorization method. Our method achieves a 91% F1 score in identifying LLM-generated spear-phishing emails.
  arXiv  Detail & Related papers  (2024-02-13T09:12:55Z)
• Why People Still Fall for Phishing Emails: An Empirical Investigation into How Users Make Email Response Decisions [6.875312133832078]
  How users make email response decisions is a missing piece in the puzzle to identifying why people still fall for phishing emails. We conduct an empirical study using a think-aloud method to investigate how people make'response decisions' while reading emails. We develop a theoretical model that explains how people could be driven to respond to emails based on the identified elements of users' email decision-making processes.
  arXiv  Detail & Related papers  (2024-01-24T03:00:49Z)
• Email Summarization to Assist Users in Phishing Identification [1.433758865948252]
  Cyber-phishing attacks are more precise, targeted, and tailored by training data to activate only in the presence of specific information or cues. This work leverages transformer-based machine learning to analyze prospective psychological triggers. We then amalgamate this information and present it to the user to allow them to (i) easily decide whether the email is "phishy" and (ii) self-learn advanced malicious patterns.
  arXiv  Detail & Related papers  (2022-03-24T23:03:46Z)
• Deep convolutional forest: a dynamic deep ensemble approach for spam detection in text [219.15486286590016]
  This paper introduces a dynamic deep ensemble model for spam detection that adjusts its complexity and extracts features automatically. As a result, the model achieved high precision, recall, f1-score and accuracy of 98.38%.
  arXiv  Detail & Related papers  (2021-10-10T17:19:37Z)
• Robust and Verifiable Information Embedding Attacks to Deep Neural Networks via Error-Correcting Codes [81.85509264573948]
  In the era of deep learning, a user often leverages a third-party machine learning tool to train a deep neural network (DNN) classifier. In an information embedding attack, an attacker is the provider of a malicious third-party machine learning tool. In this work, we aim to design information embedding attacks that are verifiable and robust against popular post-processing methods.
  arXiv  Detail & Related papers  (2020-10-26T17:42:42Z)
• Phishing and Spear Phishing: examples in Cyber Espionage and techniques to protect against them [91.3755431537592]
  Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards. This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome.
  arXiv  Detail & Related papers  (2020-05-31T18:10:09Z)
• Learning with Weak Supervision for Email Intent Detection [56.71599262462638]
  We propose to leverage user actions as a source of weak supervision to detect intents in emails. We develop an end-to-end robust deep neural network model for email intent identification.
  arXiv  Detail & Related papers  (2020-05-26T23:41:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.