论文信息 - A Temporal Analysis of Persuasion Principles in Phishing Emails

A Temporal Analysis of Persuasion Principles in Phishing Emails

Eight hundred eighty-seven phishing emails from Arizona State University, Brown University, and Cornell University were assessed by two reviewers for Cialdini’s six principles of persuasion: authority, social proof, liking/similarity, commitment/consistency, scarcity, and reciprocation. A correlational analysis of email characteristics by year revealed that the persuasion principles of commitment/consistency and scarcity have increased over time, while the principles of reciprocation and social proof have decreased over time. Authority and liking/similarity revealed mixed results with certain characteristics increasing and others decreasing. Results from this study can inform user training of phishing emails and help cybersecurity software to become more effective.

Christopher B. Mayhorn | Emerson Murphy-Hill | Allaire K. Welk | Olga A. Zielinska

[1] Michael Workman,et al. Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security , 2008, J. Assoc. Inf. Sci. Technol..

[2] Christopher B. Mayhorn,et al. One Phish, Two Phish, How to Avoid the Internet Phish , 2014 .

[3] N. Akbar,et al. Analysing Persuasion Principles in Phishing Emails , 2014 .

[4] Ana Ferreira,et al. An analysis of social engineering principles in effective phishing , 2015, 2015 Workshop on Socio-Technical Aspects in Security and Trust.

[5] Christopher B. Mayhorn,et al. Will the "Phisher-Men" Reel You In?: Assessing Individual Differences in a Phishing Detection Task , 2015, Int. J. Cyber Behav. Psychol. Learn..

[6] R. Cialdini. Influence: The Psychology of Persuasion , 1993 .

[7] Christopher B. Mayhorn,et al. Phishing in international waters: exploring cross-national differences in phishing conceptualizations between Chinese, Indian and American samples , 2014, HotSoS '14.

[8] Ponnurangam Kumaraguru,et al. Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions , 2010, CHI.

[9] Sven Übelacker,et al. The Social Engineering Personality Framework , 2014, 2014 Workshop on Socio-Technical Aspects in Security and Trust.