MODELING EMAIL PHISHING ATTACKS
Date
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Saudi Digital Library
Abstract
Cheating, beguiling, and misleading information exist all around us; understanding
deception and its consequences is crucial in our information environment. This study investigates
deception in phishing emails that successfully bypassed Microsoft 365 filtering system. We
devised a model that explains why some people are deceived and how targeted individuals and
organizations can prevent or counter attacks. The theoretical framework used in this study is
Anderson’s functional ontology construction (FOC). The methodology involves quantitative and
qualitative descriptive design, where the data source is the set of phishing emails archived from a
Tier 1 University. We looked for term frequency-inverse document frequency (Tf-idf) and the
distribution of words over documents (topic modeling) and found the subjects of phishing emails
that targeted educational organizations are related to finances, jobs, and technologies. Also, our
analysis shows the phishing emails in the dataset come under six categories; reward, urgency,
curiosity, fear, job, and entertainment. Results indicate that staff and students were primarily
targeted, and a list of the most used verbs for deception was compiled. We uncovered the stimuli
being used by scammers and types of reinforcements used to misinform the target to ensure
successful trapping via phishing emails. We identified how scammers pick their targets and how
they tailor and systematically orchestrate individual attack on targets. The limitations of this study
pertain to the sample size and the collection method. Future work will focus on implementing the
derived model into software that can perform deception identification, target alerting and
protection against advanced email phishing.