Premium
Phishing email strategies: Understanding cybercriminals' strategies of crafting phishing emails
Author(s) -
Stojnic Tatyana,
Vatsalan Dinusha,
Arachchilage Nalin A. G.
Publication year - 2021
Publication title -
security and privacy
Language(s) - English
Resource type - Journals
ISSN - 2475-6725
DOI - 10.1002/spy2.165
Subject(s) - phishing , computer science , mindset , consistency (knowledge bases) , internet privacy , computer security , world wide web , the internet , artificial intelligence
It is a known fact that cybercriminals often manipulate people to steal sensitive information. However, there has been a lack of research in investigating cybercriminals' strategies and the evolution of strategies when crafting phishing emails to entice people to perform a variety of malicious tasks such as clicking on fraudulent links. This study uses a combination of Natural Language Processing (NLP), topic modeling, and clustering techniques to analyze and evaluate the persuasive techniques/strategies, which cybercriminals use when crafting fraudulent emails. Our experimental results revealed the efficacy of using these techniques in understanding cybercriminals' mindset as well as how certain aspects of these techniques maintained consistency despite the evolution of the strategy from early Nigerian scams to more modern phishing emails. The findings of our study indicate that the most common technique/strategy used by cybercriminals is a combination of creating a sense of urgency while promising a reward. Moreover, despite the evolution of technology, cybercriminals are still effectively using the same persuasive techniques. Based on our findings, we provided several recommendations to improve anti‐phishing software and awareness and training programs.