Litcius/Paper detail

Phishing email strategies: Understanding cybercriminals' strategies of crafting phishing emails

Tatyana Stojnic, Dinusha Vatsalan, Nalin Asanka Gamagedara Arachchilage

2021Security and Privacy35 citationsDOI

Abstract

Abstract It is a known fact that cybercriminals often manipulate people to steal sensitive information. However, there has been a lack of research in investigating cybercriminals' strategies and the evolution of strategies when crafting phishing emails to entice people to perform a variety of malicious tasks such as clicking on fraudulent links. This study uses a combination of Natural Language Processing (NLP), topic modeling, and clustering techniques to analyze and evaluate the persuasive techniques/strategies, which cybercriminals use when crafting fraudulent emails. Our experimental results revealed the efficacy of using these techniques in understanding cybercriminals' mindset as well as how certain aspects of these techniques maintained consistency despite the evolution of the strategy from early Nigerian scams to more modern phishing emails. The findings of our study indicate that the most common technique/strategy used by cybercriminals is a combination of creating a sense of urgency while promising a reward. Moreover, despite the evolution of technology, cybercriminals are still effectively using the same persuasive techniques. Based on our findings, we provided several recommendations to improve anti‐phishing software and awareness and training programs.

Topics & Concepts

PhishingComputer scienceMindsetConsistency (knowledge bases)Internet privacyComputer securityWorld Wide WebThe InternetArtificial intelligenceSpam and Phishing DetectionCybercrime and Law Enforcement StudiesMisinformation and Its Impacts