Perceptual representation of spam and phishing emails

Patel, Pooja; Sarno, Dawn M.; Lewis, Joanna; Shoss, Mindy K.; Neider, Mark; Bohil, Corey J.

doi:10.1002/acp.3594

Cited by 12 publications

(6 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The experiment was programmed and run in SR Research Ltd’s Experiment Builder. Stimuli were real emails, obtained from either the researcher’s inboxes/junk folders or web searches, and have been validated in previous studies (Sarno et al, 2020, Sarno et al, 2017; Patel et al, 2019; Williams et al, 2019). Participants had unlimited time to view the 100 emails.…”

Section: Methodsmentioning

confidence: 99%

So Many Phish, So Little Time: Exploring Email Task Factors and Phishing Susceptibility

Sarno

Neider

2021

Hum Factors

Self Cite

View full text Add to dashboard Cite

Objective The present studies examine how task factors (e.g., email load, phishing prevalence) influence email performance. Background Phishing emails are a paramount cybersecurity threat for the modern email user. Research attempting to understand how users are susceptible to phishing attacks has been limited and has not fully explored how task factors (e.g., prevalence, email load) influence accurate detection. Method In three experiments, participants classified emails as either legitimate or not legitimate and reported on a variety of other categorizations. The first two experiments examined how email load and phishing prevalence influence phishing detection independently. The third experiment examined the interaction of these two factors to determine whether they have compounding effects. All three experiments utilized individual difference variables to examine how cognitive, behavioral, and personality factors may influence classifications. Results Experiment 1 suggests that high email load can make the task appear more challenging. Experiment 2 indicates that low phishing prevalence can decrease sensitivity for phishing emails. Experiment 3 demonstrates that high levels of email load can decrease classification accuracy under 50/50 prevalence rates. Notably, performance was poor across all experiments, with phishing detection near chance levels and low discriminability for emails. Participants demonstrated poor metacognition with over confidence, low self-reported difficulty, and low perceived threat for the emails. Conclusion Overall, the present studies suggest that high email load and low phishing prevalence can influence email classifications. Application Organizations and researchers should consider the influences of both email load and phishing prevalence when implementing phishing interventions.

show abstract

Section: Methodsmentioning

confidence: 99%

So Many Phish, So Little Time: Exploring Email Task Factors and Phishing Susceptibility

Sarno

Neider

2021

Hum Factors

Self Cite

View full text Add to dashboard Cite

show abstract

“…In the second part, we analyze publications studying the training materials themselves (e.g., how the documents should be structured or whether more graphics should be used than text). [50,96], trust symbols [111,120,129], spelling [130], links [130], content consistency [130], personalization [130], visual appearance [95,119,130], urgency [130], social presence [87] Spelling errors [84], link destination [127] Topic Shipping [50], order [50], received fax [50], complaint [50], banks [136], government institutions [136] Other gain [55], other loss [55], individual gain [55], individual loss [55] Link URL Categories 5, 6 [128], same protocol [79], contains secure or similar terms [128] Categories 1, 2, 7 [128] Design Clone of original [79,124] -Survey a. Form of the training: Based on their results, Kumaraguru et al [82] suggest that users learn more effectively when the training materials are presented after the users have fallen victim to a simulated attack.…”

Section: Introductionmentioning

confidence: 99%

Don’t click: towards an effective anti-phishing training. A comparative literature review

Jampen

Gür

Sutter

et al. 2020

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

The security threat posed by email-based phishing campaigns targeted at employees is a well-known problem experienced by many organizations. Attacks are reported each year, and a reduction in the number of such attacks is unlikely to occur in the near future (see Fig. 1). A common type of phishing attack involves an attacker attempting to trick victims into clicking on links sent via email. Such links redirect victims to websites that are carefully designed to mimic those of legitimate organizations with the goal of convincing users to provide their personal information and credentials. Attackers then use the phished data to execute their schemes further. Phishing attacks may be used to obtain access to an organization's internal servers and steal company secrets or to steal victims' personal information, such as credit card details [1]. In this publication, we focus on email-based phishing attacks, as this is currently the most commonly used channel and poses a significant threat to both individuals and companies globally

show abstract

“…Phishing is related to spam and refers to deceptive computer-based ways to trick individuals into reacting to the e-mail and disclosing sensitive information. Spam messages are delivered through compromised e-mail systems using an alternate e-mail address [84].…”

Section: Spam and Phishingmentioning

confidence: 99%

Survey on Deep Learning Approaches for Detection of Email Security Threat

Saeed,

Aghbari

2023

CMC

View full text Add to dashboard Cite

Emailing is among the cheapest and most easily accessible platforms, and covers every idea of the present century like banking, personal login database, academic information, invitation, marketing, advertisement, social engineering, model creation on cyber-based technologies, etc. The uncontrolled development and easy access to the internet are the reasons for the increased insecurity in email communication. Therefore, this review paper aims to investigate deep learning approaches for detecting the threats associated with e-mail security. This study compiles the literature related to the deep learning methodologies, which are applicable for providing safety in the field of cyber security of email in different organizations. Relevant data were extracted from different research depositories. The paper discusses various solutions for handling these threats. Different challenges and issues are also investigated for e-mail security threats including social engineering, malware, spam, and phishing in the existing solutions to identify the core current problem and set the road for future studies. The review analysis showed that communication media is the common platform for attackers to conduct fraudulent activities via spoofed e-mails and fake websites and this research has combined the merit and demerits of the deep learning approaches adaption in email security threat by the usage of models and technologies. The study highlighted the contrasts of deep learning approaches in detecting email security threats. This review study has set criteria to include studies that deal with at least one of the six machine models in cyber security.

show abstract

Perceptual representation of spam and phishing emails

Cited by 12 publications

References 20 publications

So Many Phish, So Little Time: Exploring Email Task Factors and Phishing Susceptibility

So Many Phish, So Little Time: Exploring Email Task Factors and Phishing Susceptibility

Don’t click: towards an effective anti-phishing training. A comparative literature review

Survey on Deep Learning Approaches for Detection of Email Security Threat

Contact Info

Product

Resources

About