Persuasion and Phishing: Analysing the Interplay of Persuasion Tactics in Cyber Threats

• URL: http://arxiv.org/abs/2412.18485v1
• Date: Tue, 24 Dec 2024 15:17:44 GMT
• Title: Persuasion and Phishing: Analysing the Interplay of Persuasion Tactics in Cyber Threats
• Authors: Kalam Khadka,
• Abstract summary: This study extends the research of Ferreira and Teles to propose a unique list of persuasion principles in social engineering. It analyzed entire email contents to identify principles of human persuasion in phishing emails. This paper offers additional insights into phishing email tactics and suggests future solutions should leverage socio-technical principles.
• Score: 0.0
• License:
• Abstract: This study extends the research of Ferreira and Teles (2019), who synthesized works by Cialdini (2007), Gragg (2003), and Stajano and Wilson (2011) to propose a unique list of persuasion principles in social engineering. While Ferreira and Teles focused on email subject lines, this research analyzed entire email contents to identify principles of human persuasion in phishing emails. This study also examined the goals and targets of phishing emails, providing a novel contribution to the field. Applying these findings to the ontological model by Mouton et al. (2014) reveals that when social engineers use email for phishing, individuals are the primary targets. The goals are typically unauthorized access, followed by financial gain and service disruption, with Distraction as the most commonly used compliance principle. This research highlights the importance of understanding human persuasion in technology-mediated interactions to develop methods for detecting and preventing phishing emails before they reach users. Despite previous identification of luring elements in phishing emails, empirical findings have been inconsistent. For example, Akbar (2014) found 'authority' and 'scarcity' most common, while Ferreira et al. (2015) identified 'liking' and 'similarity.' In this study, 'Distraction' was most frequently used, followed by 'Deception,' 'Integrity,' and 'Authority.' This paper offers additional insights into phishing email tactics and suggests future solutions should leverage socio-technical principles. Future work will apply this methodology to other social engineering techniques beyond phishing emails, using the ontological model to further inform the research community.

Related papers

• A Survey on the Principles of Persuasion as a Social Engineering Strategy in Phishing [0.7999703756441756]
  The link between principles of persuasion and social engineering attacks is an important topic in cyber security. This survey paper systematically summarizes and presents the current state of the art in understanding the use of principles of persuasion in phishing.
  arXiv  Detail & Related papers  (2024-12-24T15:19:36Z)
• Quantifying Psychological Sophistication of Malicious Emails [4.787538460036984]
  Malicious emails are one significant class of cyber social engineering attacks. Ineffectiveness of current defenses can be attributed to our superficial understanding of the psychological properties that make these attacks successful. We propose an innovative framework that accommodates two important and complementary aspects of sophistication, dubbed Psychological Techniques, PTechs, and Psychological Tactics, PTacs.
  arXiv  Detail & Related papers  (2024-08-22T08:45:46Z)
• Evaluating the Efficacy of Large Language Models in Identifying Phishing Attempts [2.6012482282204004]
  Phishing, a prevalent cybercrime tactic for decades, remains a significant threat in today's digital world. This paper aims to analyze the effectiveness of 15 Large Language Models (LLMs) in detecting phishing attempts.
  arXiv  Detail & Related papers  (2024-04-23T19:55:18Z)
• SoK: Human-Centered Phishing Susceptibility [4.794822439017277]
  We propose a three-stage Phishing Susceptibility Model (PSM) for explaining how humans are involved in phishing detection and prevention. This model reveals several research gaps that need to be addressed to improve users' detection performance.
  arXiv  Detail & Related papers  (2022-02-16T07:26:53Z)
• Identification of Twitter Bots based on an Explainable ML Framework: the US 2020 Elections Case Study [72.61531092316092]
  This paper focuses on the design of a novel system for identifying Twitter bots based on labeled Twitter data. Supervised machine learning (ML) framework is adopted using an Extreme Gradient Boosting (XGBoost) algorithm. Our study also deploys Shapley Additive Explanations (SHAP) for explaining the ML model predictions.
  arXiv  Detail & Related papers  (2021-12-08T14:12:24Z)
• Deep convolutional forest: a dynamic deep ensemble approach for spam detection in text [219.15486286590016]
  This paper introduces a dynamic deep ensemble model for spam detection that adjusts its complexity and extracts features automatically. As a result, the model achieved high precision, recall, f1-score and accuracy of 98.38%.
  arXiv  Detail & Related papers  (2021-10-10T17:19:37Z)
• Falling for Phishing: An Empirical Investigation into People's Email Response Behaviors [10.841507821036458]
  Despite sophisticated phishing email detection systems, humans continue to be tricked by phishing emails. We have carried out an empirical study to investigate people's thought processes when reading their emails. We identify eleven factors that influence people's response decisions to both phishing and legitimate emails.
  arXiv  Detail & Related papers  (2021-08-10T16:19:01Z)
• Fragments of the Past: Curating Peer Support with Perpetrators of Domestic Violence [88.37416552778178]
  We report on a ten-month study where we worked with six support workers and eighteen perpetrators in the design and deployment of Fragments of the Past. We share how crafting digitally-augmented artefacts - 'fragments' - of experiences of desisting from violence can translate messages for motivation and rapport between peers. These insights provide the basis for practical considerations for future network design with challenging populations.
  arXiv  Detail & Related papers  (2021-07-09T22:57:43Z)
• Detecting Cross-Modal Inconsistency to Defend Against Neural Fake News [57.9843300852526]
  We introduce the more realistic and challenging task of defending against machine-generated news that also includes images and captions. To identify the possible weaknesses that adversaries can exploit, we create a NeuralNews dataset composed of 4 different types of generated articles. In addition to the valuable insights gleaned from our user study experiments, we provide a relatively effective approach based on detecting visual-semantic inconsistencies.
  arXiv  Detail & Related papers  (2020-09-16T14:13:15Z)
• Phishing and Spear Phishing: examples in Cyber Espionage and techniques to protect against them [91.3755431537592]
  Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards. This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome.
  arXiv  Detail & Related papers  (2020-05-31T18:10:09Z)
• Learning with Weak Supervision for Email Intent Detection [56.71599262462638]
  We propose to leverage user actions as a source of weak supervision to detect intents in emails. We develop an end-to-end robust deep neural network model for email intent identification.
  arXiv  Detail & Related papers  (2020-05-26T23:41:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.