Interdisciplinary Research Group in Socio-technical Cybersecurity
An Analysis of Social Engineering Principles in Effective Phishing
Phishing is a widespread practice and a lucrative business. It is invasive and hard to stop: a company needs to worry about all emails that all employees receive, while an attacker only needs a response from one key person, e.g., someone responsible for finance or human resources, to cause a lot of damage. Some research has looked into what elements make phishing so successful. Many of these elements recall strategies that have been studied as principles of persuasion, scams and social engineering. This paper identifies, from the literature, the elements which reflect the effectiveness of phishing, and manually quantifies them within a phishing email sample. Most elements recognised as more effective in phishing commonly use persuasion principles such as authority and distraction. This insight could help to better automate the identification of phishing emails and to devise more appropriate countermeasures against them.
Ana Ferreira, Gabriele Lenzini
2015 Workshop on Socio-Technical Aspects in Security and Trust
Ferreira, A., & Lenzini, G. (2015, July). An analysis of social engineering principles in effective phishing. In 2015 Workshop on Socio-Technical Aspects in Security and Trust (pp. 9-16). IEEE.