Towards a thematic dimensional framework of online fraud: An exploration of fraudulent email attack tactics and intentions

Abstract

Despite anti-phishing filters, social engineering-based cyber-attacks still result in billions of dollars lost annually, significant personal identity theft, loss of corporate secrets, and espionage. We review the phishing literature on psychological attacks and design tactics employed for deception by attackers. The result reveals the need to continuously identify tactics embedded in fraudulent email content to understand why users still fall prey to phishing attacks. Using the literature as a backdrop, we identify and conceptualize a thematic dimensional framework of fraudulent phishing attacks. This study uses benchmark datasets of fraudulent email to empirically validate the proposed dimensional framework. Specifically, a combination of machine learning-based content analysis and topic modeling found a majority of the discovered topics were labeled against the proposed dimensions. Statistical analysis was employed to provide empirical evidence of the thematic dimensions of fraudulent email attacks. This study thus, not only extends the cybersecurity literature by identifying and validating eight dimensions that enrich our understanding of phishing and attack identification but stimulates cumulative research endeavors to develop yet more comprehensive dimensional frameworks of phishing email attacks.