The Persuasive Phish: Examining the Social Psychological Principles Hidden in Phishing Emails
| Title | The Persuasive Phish: Examining the Social Psychological Principles Hidden in Phishing Emails |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Zielinska, Olga, Welk, Allaire, Mayhorn, Christopher B., Murphy-Hill, Emerson |
| Conference Name | Proceedings of the Symposium and Bootcamp on the Science of Security |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4277-3 |
| Keywords | Email, Human Behavior, persuasion, phishing, phishing attack, pubcrawl, security, Social Engineering |
| Abstract | {Phishing is a social engineering tactic used to trick people into revealing personal information [Zielinska, Tembe, Hong, Ge, Murphy-Hill, & Mayhorn 2014]. As phishing emails continue to infiltrate users' mailboxes, what social engineering techniques are the phishers using to successfully persuade victims into releasing sensitive information? Cialdini's [2007] six principles of persuasion (authority, social proof, liking/similarity, commitment/consistency, scarcity, and reciprocation) have been linked to elements of phishing emails [Akbar 2014; Ferreira, & Lenzini 2015]; however, the findings have been conflicting. Authority and scarcity were found as the most common persuasion principles in 207 emails obtained from a Netherlands database [Akbar 2014], while liking/similarity was the most common principle in 52 personal emails available in Luxemborg and England [Ferreira et al. 2015]. The purpose of this study was to examine the persuasion principles present in emails available in the United States over a period of five years. Two reviewers assessed eight hundred eighty-seven phishing emails from Arizona State University, Brown University, and Cornell University for Cialdini's six principles of persuasion. Each email was evaluated using a questionnaire adapted from the Ferreira et al. [2015] study. There was an average agreement of 87% per item between the two raters. Spearman's Rho correlations were used to compare email characteristics over time. During the five year period under consideration (2010-2015), the persuasion principles of commitment/consistency and scarcity have increased over time, while the principles of reciprocation and social proof have decreased over time. Authority and liking/similarity revealed mixed results with certain characteristics increasing and others decreasing. The commitment/consistency principle could be seen in the increase of emails referring to elements outside the email to look more reliable, such as Google Docs or Adobe Reader (rs(850) = .12 |
| URL | http://doi.acm.org/10.1145/2898375.2898382 |
| DOI | 10.1145/2898375.2898382 |
| Citation Key | zielinska_persuasive_2016 |