This research aims to describe and analyze phishing emails. The problem of phishing, types of message content of phishing emails, and the basic techniques of phishing email attacks are explained by way of introduction. The study also includes a review of the relevant literature on Web of Science and analyzes articles that deal with the threat of phishing attacks and defense against them. Data collected within a time interval of two months from two email accounts of one of the authors of the study was used for the analysis of 200 email messages. Data has been resented in tabular form, to allow further statistical processing using functions such as sum, average and frequency analysis. The core part of the study involved the classification and segmentation of emails according to the main goals of the sent message. The text analytical software Tovek, was used for the analysis, Contribution of the manuscript is in the understanding of phishing emails and extending the knowledge base in education and training in phishing email defense. The discussion compares the results of this research with those of the studies mentioned in the "Introduction" and "Literature review" sections. Furthermore, the emerging problems and limitations of the use of text analytical software are described, and finally the issue is devoted to problems with obtaining personal data from recipients' emails. The "Conclusion" section summarizes the contributions of this research.
Citation: Ladislav Burita, Petr Matoulek, Kamil Halouzka, Pavel Kozak. Analysis of phishing emails[J]. AIMS Electronics and Electrical Engineering, 2021, 5(1): 93-116. doi: 10.3934/electreng.2021006
This research aims to describe and analyze phishing emails. The problem of phishing, types of message content of phishing emails, and the basic techniques of phishing email attacks are explained by way of introduction. The study also includes a review of the relevant literature on Web of Science and analyzes articles that deal with the threat of phishing attacks and defense against them. Data collected within a time interval of two months from two email accounts of one of the authors of the study was used for the analysis of 200 email messages. Data has been resented in tabular form, to allow further statistical processing using functions such as sum, average and frequency analysis. The core part of the study involved the classification and segmentation of emails according to the main goals of the sent message. The text analytical software Tovek, was used for the analysis, Contribution of the manuscript is in the understanding of phishing emails and extending the knowledge base in education and training in phishing email defense. The discussion compares the results of this research with those of the studies mentioned in the "Introduction" and "Literature review" sections. Furthermore, the emerging problems and limitations of the use of text analytical software are described, and finally the issue is devoted to problems with obtaining personal data from recipients' emails. The "Conclusion" section summarizes the contributions of this research.
[1] | Hong J (2012) The state of phishing attacks. Communications of the ACM 55: 74-81. |
[2] | Singer PW, Friedman A (2014) Cybersecurity: What Everyone Needs to Know. 1st Eds, Oxford University Press. |
[3] | Krombholz K, Hobel H, Huber M, et al. (2015) Advanced social engineering attacks. J Inf Secur Appl 22: 113-122. |
[4] | Ducklin P (2020) Phishingové triky aneb 10 nejběžnějších podvodů roku 2020 (Phishing tricks or the 10 most common scams of 2020). IT SYSTEMS. Available from: https://www.systemonline.cz/it-security/phishingove-triky.htm |
[5] | Becton L (2020) The Importance of Digital Literacy in K-12, Available from: https://www.educationcorner.com/importance-digital-literacy-k-12.html |
[6] | Parsons K, Butavicius M, Delfabbro P, et al. (2019) Predicting susceptibility to social influence in phishing emails. Int J Hum-Comput St 128: 17-26. doi: 10.1016/j.ijhcs.2019.02.007 |
[7] | Lin T, Capecci DE, Ellis DM, et al. (2019) Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content. ACM T Comput-Hum Int 26: 1-28. |
[8] | Adewumi OA, Akinyelu AA (2016) A hybrid firefly and support vector machine classifier for phishing email detection. Kybernetes 45: 977-994. doi: 10.1108/K-07-2014-0129 |
[9] | Sami S, Nauman A, Li Z (2018) Detection of online phishing email using dynamic evolving neural network based on reinforcement learning. Decis Support Syst 107: 88-102. doi: 10.1016/j.dss.2018.01.001 |
[10] | Zhao M, An B, Kiekintveld C (2016) Optimizing Personalized Email Filtering Thresholds to Mitigate Sequential Spear Phishing Attacks. In: Proceedings of 30th Association-for-the-Advancement-of-Artificial-Intelligence (AAAI) Conference on Artificial Intelligence 30: 658-664. |
[11] | Wang J, Li Y, Rao HR (2016) Overconfidence in Phishing Email Detection. J Assoc Inf Syst 17: 759-783. |
[12] | Williams EJ, Polage D (2019) How persuasive is phishing email? The role of authentic design, influence and current events in email judgements. Behav Inform Technol 38: 184-197. doi: 10.1080/0144929X.2018.1519599 |
[13] | Ferreira A, Teles S (2019) Persuasion: How phishing emails can influence users and bypass security measures. Int J Hum-Comput St 125: 19-31. doi: 10.1016/j.ijhcs.2018.12.004 |
[14] | Seifollahi S, Bagirov A, Layton R, et al. (2017) Optimization Based Clustering Algorithms for Authorship Analysis of Phishing Emails. Neural Process Lett 46: 411-425. doi: 10.1007/s11063-017-9593-7 |
[15] | Canfield CI, Fischhoff B, Davis A (2019) Better beware: comparing metacognition for phishing and legitimate emails. Metacognition and Learning 14: 343-362. doi: 10.1007/s11409-019-09197-5 |
[16] | Nowak J, Korytkowski M, Wozniak M, et al. (2019) URL-based Phishing Attack Detection by Convolutional Neural Networks. Aust J Intell Inf Process Syst 15: 60-67. |
[17] | Wei W, Ke Q, Nowak J, et al. (2020) Accurate and fast URL phishing detector: A convolutional neural network approach. Comput Netw 178: 107275. doi: 10.1016/j.comnet.2020.107275 |
[18] | The text analytical software TOVEK, 2020. Available from: https://www.tovek.cz. |
[19] | Tobac R (2020) Social Engineer & Ethical Hacker. Live Hacking Demo: Hacking the Human, Sophos Evolve - Cybersecurity Summit, Webinar presentation. |
[20] | DZRO FVT-2, KYBERSILY. Project of faculty research: Cyber forces and resources. University of Defence, Faculty of Military Technologies, Brno, Czech Republic, 2021. |