An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited

Tanusree Sharma; Masooda Bashir

doi:10.1007/978-3-030-52581-1_7

An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Humans continue to be considered as the weakest link in securing systems. While there are a variety of sophisticated system attacks, phishing emails continues to be successful in gaining users attention and leading to disastrous security consequences. In designing strategies to protect users from fraudulent phishing emails, system designers need to know which attack approaches and type of content seems to exploit human limitations and vulnerabilities. In this study, we are focusing on the attackers’ footprints (emails) and examining the phishing email content and characteristics utilizing publicly available phishing attack repository databases. We analyzed several variables to gain a better understanding of the techniques and language used in these emails to capture users’ attention. Our findings reveal that the words primarily used in these emails are targeting users’ emotional tendencies and triggers to apply their attacks. In addition, attackers employ user-targeted words and subjects that exploits certain emotional triggers such as fear and anticipation. We believe our human centered study and findings is a critical step forward towards improving detection and training programs to decrease phishing attacks and to promote the inclusion of human factors in securing systems.

Original language	English (US)
Title of host publication	Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity
Editors	Isabella Corradini, Enrico Nardelli, Tareq Ahram
Publisher	Springer
Pages	49-55
Number of pages	7
ISBN (Print)	9783030525804
DOIs	https://doi.org/10.1007/978-3-030-52581-1_7
State	Published - 2020
Event	AHFE Virtual Conference on Human Factors in Cybersecurity, 2020 - San Diego, United States Duration: Jul 16 2020 → Jul 20 2020

Publication series

Name	Advances in Intelligent Systems and Computing
Volume	1219 AISC
ISSN (Print)	2194-5357
ISSN (Electronic)	2194-5365

Conference

Conference	AHFE Virtual Conference on Human Factors in Cybersecurity, 2020
Country/Territory	United States
City	San Diego
Period	7/16/20 → 7/20/20

Keywords

Cybersecurity
Emotion
Human factors
Phishing email
Psychology

ASJC Scopus subject areas

Control and Systems Engineering
General Computer Science

Online availability

10.1007/978-3-030-52581-1_7

Library availability

Discover UIUC Full Text

Cite this

Sharma, T., & Bashir, M. (2020). An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited. In I. Corradini, E. Nardelli, & T. Ahram (Eds.), Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity (pp. 49-55). (Advances in Intelligent Systems and Computing; Vol. 1219 AISC). Springer. https://doi.org/10.1007/978-3-030-52581-1_7

An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited. / Sharma, Tanusree; Bashir, Masooda.
Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity. ed. / Isabella Corradini; Enrico Nardelli; Tareq Ahram. Springer, 2020. p. 49-55 (Advances in Intelligent Systems and Computing; Vol. 1219 AISC).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sharma, T & Bashir, M 2020, An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited. in I Corradini, E Nardelli & T Ahram (eds), Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol. 1219 AISC, Springer, pp. 49-55, AHFE Virtual Conference on Human Factors in Cybersecurity, 2020, San Diego, United States, 7/16/20. https://doi.org/10.1007/978-3-030-52581-1_7

@inproceedings{2110cf405348457d803b748dfadaf08a,

title = "An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited",

abstract = "Humans continue to be considered as the weakest link in securing systems. While there are a variety of sophisticated system attacks, phishing emails continues to be successful in gaining users attention and leading to disastrous security consequences. In designing strategies to protect users from fraudulent phishing emails, system designers need to know which attack approaches and type of content seems to exploit human limitations and vulnerabilities. In this study, we are focusing on the attackers{\textquoteright} footprints (emails) and examining the phishing email content and characteristics utilizing publicly available phishing attack repository databases. We analyzed several variables to gain a better understanding of the techniques and language used in these emails to capture users{\textquoteright} attention. Our findings reveal that the words primarily used in these emails are targeting users{\textquoteright} emotional tendencies and triggers to apply their attacks. In addition, attackers employ user-targeted words and subjects that exploits certain emotional triggers such as fear and anticipation. We believe our human centered study and findings is a critical step forward towards improving detection and training programs to decrease phishing attacks and to promote the inclusion of human factors in securing systems.",

keywords = "Cybersecurity, Emotion, Human factors, Phishing email, Psychology",

author = "Tanusree Sharma and Masooda Bashir",

note = "Publisher Copyright: {\textcopyright} 2020, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG.; AHFE Virtual Conference on Human Factors in Cybersecurity, 2020 ; Conference date: 16-07-2020 Through 20-07-2020",

year = "2020",

doi = "10.1007/978-3-030-52581-1_7",

language = "English (US)",

isbn = "9783030525804",

series = "Advances in Intelligent Systems and Computing",

publisher = "Springer",

pages = "49--55",

editor = "Isabella Corradini and Enrico Nardelli and Tareq Ahram",

booktitle = "Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity",

address = "Germany",

}

TY - GEN

T1 - An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited

AU - Sharma, Tanusree

AU - Bashir, Masooda

PY - 2020

Y1 - 2020

N2 - Humans continue to be considered as the weakest link in securing systems. While there are a variety of sophisticated system attacks, phishing emails continues to be successful in gaining users attention and leading to disastrous security consequences. In designing strategies to protect users from fraudulent phishing emails, system designers need to know which attack approaches and type of content seems to exploit human limitations and vulnerabilities. In this study, we are focusing on the attackers’ footprints (emails) and examining the phishing email content and characteristics utilizing publicly available phishing attack repository databases. We analyzed several variables to gain a better understanding of the techniques and language used in these emails to capture users’ attention. Our findings reveal that the words primarily used in these emails are targeting users’ emotional tendencies and triggers to apply their attacks. In addition, attackers employ user-targeted words and subjects that exploits certain emotional triggers such as fear and anticipation. We believe our human centered study and findings is a critical step forward towards improving detection and training programs to decrease phishing attacks and to promote the inclusion of human factors in securing systems.

AB - Humans continue to be considered as the weakest link in securing systems. While there are a variety of sophisticated system attacks, phishing emails continues to be successful in gaining users attention and leading to disastrous security consequences. In designing strategies to protect users from fraudulent phishing emails, system designers need to know which attack approaches and type of content seems to exploit human limitations and vulnerabilities. In this study, we are focusing on the attackers’ footprints (emails) and examining the phishing email content and characteristics utilizing publicly available phishing attack repository databases. We analyzed several variables to gain a better understanding of the techniques and language used in these emails to capture users’ attention. Our findings reveal that the words primarily used in these emails are targeting users’ emotional tendencies and triggers to apply their attacks. In addition, attackers employ user-targeted words and subjects that exploits certain emotional triggers such as fear and anticipation. We believe our human centered study and findings is a critical step forward towards improving detection and training programs to decrease phishing attacks and to promote the inclusion of human factors in securing systems.

KW - Cybersecurity

KW - Emotion

KW - Human factors

KW - Phishing email

KW - Psychology

UR - http://www.scopus.com/inward/record.url?scp=85088526327&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85088526327&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-52581-1_7

DO - 10.1007/978-3-030-52581-1_7

M3 - Conference contribution

AN - SCOPUS:85088526327

SN - 9783030525804

T3 - Advances in Intelligent Systems and Computing

SP - 49

EP - 55

BT - Advances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity

A2 - Corradini, Isabella

A2 - Nardelli, Enrico

A2 - Ahram, Tareq

PB - Springer

T2 - AHFE Virtual Conference on Human Factors in Cybersecurity, 2020

Y2 - 16 July 2020 through 20 July 2020

ER -

An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this