An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited

Tanusree Sharma, Masooda Bashir

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Humans continue to be considered as the weakest link in securing systems. While there are a variety of sophisticated system attacks, phishing emails continues to be successful in gaining users attention and leading to disastrous security consequences. In designing strategies to protect users from fraudulent phishing emails, system designers need to know which attack approaches and type of content seems to exploit human limitations and vulnerabilities. In this study, we are focusing on the attackers’ footprints (emails) and examining the phishing email content and characteristics utilizing publicly available phishing attack repository databases. We analyzed several variables to gain a better understanding of the techniques and language used in these emails to capture users’ attention. Our findings reveal that the words primarily used in these emails are targeting users’ emotional tendencies and triggers to apply their attacks. In addition, attackers employ user-targeted words and subjects that exploits certain emotional triggers such as fear and anticipation. We believe our human centered study and findings is a critical step forward towards improving detection and training programs to decrease phishing attacks and to promote the inclusion of human factors in securing systems.

Original languageEnglish (US)
Title of host publicationAdvances in Human Factors in Cybersecurity - AHFE 2020 Virtual Conference on Human Factors in Cybersecurity
EditorsIsabella Corradini, Enrico Nardelli, Tareq Ahram
Number of pages7
ISBN (Print)9783030525804
StatePublished - 2020
EventAHFE Virtual Conference on Human Factors in Cybersecurity, 2020 - San Diego, United States
Duration: Jul 16 2020Jul 20 2020

Publication series

NameAdvances in Intelligent Systems and Computing
Volume1219 AISC
ISSN (Print)2194-5357
ISSN (Electronic)2194-5365


ConferenceAHFE Virtual Conference on Human Factors in Cybersecurity, 2020
Country/TerritoryUnited States
CitySan Diego


  • Cybersecurity
  • Emotion
  • Human factors
  • Phishing email
  • Psychology

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Computer Science(all)


Dive into the research topics of 'An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited'. Together they form a unique fingerprint.

Cite this