Legitimate Emails Research Articles

Eyes on phishing emails: an eye-tracking study

Abstract Objective This study aims to explore susceptibility to phishing emails by analysing the visual patterns of individuals. Method A quasi-experimental study was developed, using 28 emails (13 phishing; 13 legitimate; 2 control) which were subdivided into two groups (G1; G2) and presented to the participants who looked at a set of 15 emails. The sample consisted of 70 participants. Results Phishing emails showed significantly higher average fixation times and total fixations in the sender’s area compared to legitimate emails. However, no significant correlations were found between fixation time, total number of fixations in various areas of the email, and the accuracy of email identification (both general and phishing). Conclusion This pioneering study within the Portuguese context lays the foundation for future research on analysing and accurately detecting different types of emails, including differentiating between them. It also supports the development of targeted training to improve the recognition of various emails cues.

Bank Emails: The Language of Legit and Scam

Amidst the pandemic, the surge in unsolicited scam emails has made internet technology a significant concern. Distinguishing between scams and authentic/legit emails has become increasingly difficult. This research aimed to identify typical characteristics and language patterns found in emails. It also aimed to identify the common linguistics and technical features of the scams and legitimate bank emails. Two legitimate emails and two scam or fraudulent emails from different banks in the Philippines (i.e., LandBank and BDO). A qualitative method was used to analyze and interpret the language features of the two emails. This led to the identification of shared characteristics found in scams and legitimate emails. A scam email typically includes embedded malicious links, misspellings, formatting issues, suspicious email domains, frequent use of contractions and redundancy, tautology, and imperative mood. On the other hand, legitimate emails exhibit proper punctuation, accurate email domains, appropriate formatting, absence of spelling mistakes, avoidance of contractions and redundancy, and use indicative mood rather than imperative. Scam emails utilize modal verbs to manipulate recipients into divulging personal information. Recognizing these email patterns is crucial for educating users and reducing phishing risks. It is important to note that the interpretation and findings of this study are based on the entire dataset collected. Keywords: Bank Emails, Legit Emails, Linguistic Features, Scam Emails, Phishing

Analyzing Privacy and Security in Cloud Computing Environments

With the rapid surge of spam across the Internet and its various forms, effectively identifying and combating spam has become an urgent priority. Cloud computing offers significant advantages in terms of storage and processing capabilities, making it a viable solution for analysing vast amounts of email data. To address the dynamic nature of spam and its life cycle, an anti-spam system with feedback reassessment is proposed. This system incorporates a text filtering approach based on active learning, involving four key stages: training, filtering, feedback, and re-filtering. Compared to traditional systems, the feedback-enabled filtering system demonstrates improved keyword filtering. To further enhance the accuracy of spam detection and minimize misjudgements in legitimate emails, leveraging weighted decision-making based on email header information is recommended. Additionally, for emails with sparse content, employing title weighting in the filtering process proves to be both feasible and effective, particularly in identifying spam with minimal text content. Given the advancements of cloud-based filtering methods over traditional algorithms, leveraging cloud computing holds promise in effectively combating the escalating volume of spam. As such, this paper delves into an in-depth exploration of spam identification within cloud computing environments, focusing on text filtering systems. This study is informed by a comprehensive analysis of existing anti-spam technologies, aiming to contribute to the ongoing efforts in mitigating spam proliferation online.

Deteksi Email Spam dengan Continuous Bag-Of-Words dan Random Forest

Spam email poses a significant cyber threat, as scammers employ various tactics to deceive individuals into divulging sensitive information or downloading harmful content. For instance, in June 2023, Indonesia encountered approximately 6.51 thousand spam attacks, underscoring the widespread nature of this issue. These attacks frequently involve deceptive strategies, such as impersonation or false promises of rewards, to ensnare unsuspecting victims. Succumbing to spam can result in financial losses and other grave repercussions. To address this concern, this research addresses this pressing problem by focusing on email content classification to detect phishing attempts. The proposed solution leverages runtime platforms such as Google Colab and uses Continuous Bag of Words (CBOW) analysis and Random Forest methods. CBOW is selected for its effectiveness in capturing semantic relationships between words, allowing the model to extract meaningful features from the email content. Random Forest, on the other hand, is chosen for its ability to handle imbalanced datasets commonly encountered in email classification tasks, ensuring fair representation of both spam and ham emails during model training. By combining these two techniques, we aim to develop a robust classification model capable of accurately distinguishing between phishing (spam) and legitimate (ham) emails, thus enhancing email security measures. Through our approach, we aim to classify the SpamAssassin dataset into ham or spam categories, with an anticipated precision rate of 0.98, demonstrating the model's effectiveness in accurately identifying phishing emails.

Machine Learning Based Classification for Spam Detection

Electronic Electronic messages, i.e. e-mails, are a communication tool frequently used by individuals or organizations. While e-mail is extremely practical to use, it is necessary to consider its vulnerabilities. Spam e-mails are unsolicited messages created to promote a product or service, often sent frequently. It is very important to classify incoming e-mails in order to protect against malware that can be transmitted via e-mail and to reduce possible unwanted consequences. Spam email classification is the process of identifying and distinguishing spam emails from legitimate emails. This classification can be done through various methods such as keyword filtering, machine learning algorithms and image recognition. The goal of spam email classification is to prevent unwanted and potentially harmful emails from reaching the user's inbox. In this study, Random Forest (RF), Logistic Regression (LR), Naive Bayes (NB), Support Vector Machine (SVM) and Artificial Neural Network (ANN) algorithms are used to classify spam emails and the results are compared. Algorithms with different approaches were used to determine the best solution for the problem. 5558 spam and non-spam e-mails were analyzed and the performance of the algorithms was reported in terms of accuracy, precision, sensitivity and F1-Score metrics. The most successful result was obtained with the RF algorithm with an accuracy of 98.83%. In this study, high success was achieved by classifying spam emails with machine learning algorithms. In addition, it has been proved by experimental studies that better results are obtained than similar studies in the literature.

Tensor Flow-powered Spam Email Filtering: An Evaluation of Performance and Robustness

Spam emails continue to pose significant challenges in email communication, requiring robust and adaptive filtering mechanisms to safeguard users and organizations. Leveraging the capabilities of machine learning and deep learning, this paper presents an evaluation of a spam email filtering system powered by Tensor Flow. The system's architecture is designed to utilize deep neural networks for feature extraction and classification, enabling flexibility and scalability in handling diverse spam tactics. We assess the system's performance in accurately distinguishing between spam and legitimate emails, evaluating metrics such as precision, recall, and F1-score. Additionally, we analyze the system's resilience against adversarial attacks and its ability to adapt to evolving spam techniques. Comparative analysis with traditional spam filtering techniques highlights the superiority of deep learning-based approaches. Practical considerations such as computational efficiency and scalability are also addressed, ensuring real-time responsiveness in processing vast volumes of emails. Through comprehensive experimentation and benchmarking, this paper contributes to the advancement of spam email filtering, guiding the development of more effective and efficient solutions for enhancing email security and user experience.

Enhancing Spam Detection: A Crow-Optimized FFNN with LSTM for Email Security

Email security is paramount in today's digital landscape, as the proliferation of spam emails poses a significant threat to individuals and organizations alike. To combat this menace, this study introduces a novel approach that marries the power of Crow Search Optimization (CSO) with a Feedforward Neural Network (FFNN) and Long Short-Term Memory (LSTM) architecture to bolster spam detection. The proposed Crow-Optimized FFNN with LSTM (C-FFNN-LSTM) leverages CSO to fine-tune the neural network's parameters, optimizing its ability to distinguish between legitimate emails and spam. The CSO algorithm mimics the collaborative behavior of crows, thereby enhancing the model's convergence and robustness. Experimental results showcase the effectiveness of the C-FFNN-LSTM approach, achieving remarkable accuracy rates and reducing false positives. This innovation not only enhances email security but also offers a promising avenue for refining spam detection algorithms across various domains. In an era of ever-evolving cyber threats, the C-FFNN-LSTM framework stands as a beacon of improved email security, safeguarding digital communication channels.
 In our methodology, we attained an outstanding accuracy level of 99.1% during the testing phase.

Filtering and Detection of Real-Time Spam Mail Based on a Bayesian Approach in University Networks

With the advent of digital technologies as an integral part of today’s everyday life, the risk of information security breaches is increasing. Email spam, commonly known as junk email, continues to pose a significant challenge in the digital realm, inundating inboxes with unsolicited and often irrelevant messages. This relentless influx of spam not only disrupts user productivity but also raises security concerns, as it frequently serves as a vehicle for phishing attempts, malware distribution, and other cyber threats. The prevalence of spam is fueled by its low-cost dissemination and its ability to reach a wide audience, exploiting vulnerabilities in email systems. This paper marks the inception of an in-depth investigation into the viability and potential implementation of a robust spam filtering and prevention system tailored explicitly to university networks. With the escalating threat of email-based hacking attacks and the incessant deluge of spam, the need for a comprehensive and effective defense mechanism within academic institutions becomes increasingly imperative. In exploring potential solutions, this study delves into the applicability and efficacy of Bayesian filters, a class of probabilistic classifiers renowned for their aptitude in distinguishing between legitimate emails and spam messages. Bayesian filters utilize statistical algorithms to analyze email content, learning patterns and features to accurately categorize incoming emails.

Automated Spam Detection Using Sandpiper Optimization Algorithm-Based Feature Selection with the Machine Learning Model

The email has become an online communication tool and an important part of daily life. Spam mails take up a lot of space and bandwidth, and spam filtering algorithms have flaws that cause them to mistake legitimate emails for spam (false positives). These issues are becoming a bigger difficulty for the online world. This work proposes the use of a sandpiper optimization (SPO) algorithm, which is applied for the feature selection process which minimizes the training complexity and maximizes the classification accuracy and Radial Bias Neural Network (RBNN) for classifying emails as genuine email and spam email. The Enron email dataset and Spam Assassin datasets were used. The outcomes show that the rotation forest algorithm after feature selection with SPO accurately classifies the emails as genuine email and spam email with 3.88%, 5.75%, and 6.16% higher accuracy for Genuine Email, 2.31%, 8.47%, and 7.23% higher accuracy for spam email compared with existing Universal Spam Detection using Transfer Learning of the BERT Model (USD-TL-BERT), Hybrid Learning Approach for E-mail Spam Detection and Classification (HLA-ESDC), and the Email Spam Detection Using Hierarchical Attention Hybrid Deep Learning Method (ESD-HAHD), respectively. This demonstrates that the proposed method significantly outperforms existing methods.

The role of conscientiousness and cue utilisation in the detection of phishing emails in controlled and naturalistic settings

ABSTRACT Email phishing is a serious and potentially catastrophic threat to organisations and individuals. Understanding what factors may influence individual susceptibility to phishing attacks is essential to protecting against cybercrime. We investigated the potential interplay between conscientiousness and cue utilisation in individuals’ ability to accurately differentiate between phishing and legitimate emails. University students (N = 255) completed a phishing detection task, the Mini International Personality Item Pool, and the phishing edition of the Expert Intensive Skill Evaluation (2.0) battery. After, they were sent simulated phishing emails to their student email address. A Signal Detection Theory approach revealed that higher cue utilisation was associated with a greater ability to tell whether an e-mail was phishing or not in the detection task. For the simulated phishing emails, participants with lower conscientiousness were more likely to click an embedded link in an unsophisticated phishing email, however cue utilisation had no association with email engagement in a naturalistic setting. The findings provide insight into why some people are more susceptible to phishing scams and reveal important differences in phishing sensitivity as a function of context, which has implications to interventions.

Phishing URL Detection using Machine Learning

Abstract: Phishing attacks continue to pose a major threat for computer system defenders, often forming the first step in a multistage attack. There have been great strides made in phishing detection; however,some phishing emails appear to pass through filters by making simple structural and semantic changes to the messages. We tackle this problem through the use of a machine learning classifier operating on a large corpus of phishing and legitimate emails. We design a system to extract features, elevating some to higherlevel feature, that are meant to defeat common phishing email detection strategies. This paper presents an approach to detect phishing URLs in an efficient way based on URL features only. For detecting the phishing URLs SVM classifier is used. The performances are evaluated for different size of datasets using different number of features. The results are compared with other machine learning classification techniques. The proposed system is able to detect phishing websites using URL features only.

Which phish is captured in the net? Understanding phishing susceptibility and individual differences

AbstractPhishing research presents conflicting findings regarding the psychological predictors of phishing susceptibility. The present work aimed to resolve these discrepancies by utilizing a diverse online sample and email set. Participants completed a survey that included an email classification task and measured several individual differences, including phishing awareness, age, impulsivity, curiosity, and personality (the Big‐5). Phishing susceptibility was measured by participants' ability to distinguish between phishing and legitimate emails. Three regression analyses were performed to predict email discrimination ability; (1) an age model, (2) a deficient self‐regulation model (i.e., impulsivity, response times, and curiosity), and (3) a personality (i.e., the Big‐5) model. Overall, phishing susceptibility was predicted by younger age, higher levels of impulsivity and extraversion, lower levels of openness to experience and agreeableness, and quick responses. The present work identifies several populations that are particularly vulnerable to phishing attacks and may require targeted training interventions.

Determining psycholinguistic features of deception in phishing messages

PurposeDistinguishing phishing emails from legitimate emails continues to be a difficult task for most individuals. This study aims to investigate the psycholinguistic factors associated with deception in phishing email text and their effect on end-user ability to discriminate phishing emails from legitimate emails.Design/methodology/approachEmail messages and end-user decisions collected from a laboratory phishing study were validated and analyzed using natural language processing methods (Linguistic Inquiry Word Count) and penalized regression models (LASSO and Elastic Net) to determine the linguistic dimensions that attackers may use in phishing emails to deceive end-users and measure the impact of such choices on end-user susceptibility to phishing.FindingsWe found that most participants, who played the role of a phisher in the study, chose to deceive their end-user targets by pretending to be a familiar individual and presenting time pressure or deadlines. Results show that use of words conveying certainty (e.g. always, never) and work-related features in the phishing messages predicted higher end-user vulnerability. On the contrary, use of words that convey achievement (e.g. earn, win) or reward (cash, money) in the phishing messages predicted lower end-user vulnerability because such features are usually observed in scam-like messages.Practical implicationsInsights from this research show that analyzing emails for psycholinguistic features associated with computer-mediated deception could be used to fine-tune and improve spam and phishing detection technologies. This research also informs the kinds of phishing attacks that must be prioritized in antiphishing training programs.Originality/valueApplying natural language processing and statistical modeling methods to analyze results from a laboratory phishing experiment to understand deception from both attacker and end-user is novel. Furthermore, results from this work advance our understanding of the linguistic factors associated with deception in phishing email text and its impact on end-user susceptibility.

Detection of Spam Email

Spam, often known as unsolicited email, has grown to be a major worry for every email user. Nowadays, it is quite challenging to filter spam emails since they are made, created, or written in such a unique way that anti-spam filters cannot recognize them. In order to predict or categorize emails as spam, this paper compares and reviews the performance metrics of a few categories of supervised machine learning techniques, including Svm (Support Vector Machine), Random Forest, Decision Tree, Cnn, (Convolutional Neural Network), Knn(K Nearest Neighbor), Mlp(Multi-Layer Perceptron), Adaboost (AdaptiveBoosting), and Nave Bayes algorithm. Thegoal of this study is to analyze the specificsor content of the emails, discover a limited dataset, and create a classification model that can predict or categorize whether spam is present in an email. Transformers’ Bidirectional Encoder Representations) has been optimized to perform the duty of separating spam emails from legitimate emails (Ham). To put the text’s context into perspective, Bert uses attention layers. Results are contrasted with a baseline Dnn (deep neural network) modelthat consists of two stacked Dense layers and a Bilstm (bidirectional Long Short-Term Memory) layer. Results are also contrasted with a group of traditional classifiers, including k- Nn (k-nearest neighbours) and Nb (Naive Bayes). The model is tested for robustness andpersistence using two open-source data sets, one of which is utilized to train the model.

Detecting Phishing Website using Machine Learning

Phishing attacks continue to pose a major threat for computer system defenders, often forming the first step in a multi-stage attack. There have been great strides made in phishing detection; however, some phishing emails appear to pass through filters by making simple structural and semantic changes to the messages. We tackle this problem through the use of a machine learning classifier operating on a large corpus of phishing and legitimate emails. We design SAFEPC (Semi-Automated Feature generation for Phish Classification), a system to extract features, elevating some to higher level features, that are meant to defeat common phishing email detection strategies. To evaluate SAFE-PC, we collect a large corpus of phishing emails from the central IT organization at a tier-1 university. The execution of SAFE-PC on the dataset exposes hitherto unknown insights on phishing campaigns directed at university users. SAFEPC detects more than 70a state-of-the-art email filtering tool. It also outperforms Spam Assassin, a commonly used email filtering tool. We also developed an online version of SAFE-PC, that can be incrementally retrained with new samples. Its detection performance improves with time as new samples are collected, while the time to retrain the classifier stays constant.

Spam filter based on geographical location of the sender

Abstract Spam annoys users and poses a security threat. This article proposes a spam filter based on geographical location of the sender determined by IP geolocation. This filter was implemented as a plugin to the SpamAssassin anti-spam software. The plugin allows to define a penalty score for specific countries sending spam. The proposed filter was tested on a dataset of 1500 e-mails consisting of 1200 spam and 300 legitimate e-mails. The Matthews correlation coefficient of the filter has a value of 0.222. This indicates that the proposed spam filter contributes to the correct spam filtering.

Classification of Phishing Email Using Word Embedding and Machine Learning Techniques

Email phishing is a cyber-attack, bringing substantial financial damage to corporate and commercial organizations. A phishing email is a special type of spamming, used to trick the user to disclose personal information to access his digital assets. Phishing attack is generally triggered by emailing links to spoofed websites that collect sensitive information. The APWG survey suggests that the existing countermeasures remain ineffective and insufficient for detecting phishing attacks. Hence there is a need for an efficient mechanism to detect phishing emails to provide better security against such attacks to the common user. The existing open-source data sets are limited in diversity, hence they do not capture the real picture of the attack. Hence there is a need for real-time input data set to design accurate email anti-phishing solutions. In the current work, it has been created a real-time in-house corpus of phishing and legitimate emails and proposed efficient techniques to detect phishing emails using a word embedding and machine learning algorithms. The proposed system uses only four email header-based heuristics for the classification of emails. The proposed word embedding cum machine learning framework comprises six word embedding techniques with five machine learning classifiers to evaluate the best performing combination. Among all six combinations, Random Forest consistently performed the best with FastText (CBOW) by achieving an accuracy of 99.50% with a false positive rate of 0.053%, TF-IDF achieved an accuracy of 99.39% with a false positive rate of 0.4% and Count Vectorizer achieved an accuracy of 99.18% with a false positive rate of 0.98% respectively for three datasets used.

An Email Spam Filtering Model Using Ensemble of Machine Learning Techniques

The growth of spam emails is on the increase responsible for larger portions of the global email traffics. Aside the annoyance and the time wasted sifting through the unwanted messages; spam emails can also cause immeasurable harms through malicious software capable of damaging systems and compromising confidential information. The risks of filtering spam emails is that sometimes, legitimate mails are marked as spam, yet the results of not filtering spam are the constant flood of spam clogs on networks that adversely impacts users inboxes while draining valuable resources on the networks such as bandwidth and storage capacity, productivity loss and interfere with the expedient delivery of legitimate emails. Several researchers had worked on the design of models for spam email filtering using different techniques, however the detection accuracy of these models have also become subject of discussions. This study developed spam email filtering model using Ensemble of Decision Tree, Support Vector Machine and Multilayer Perceptron (DT-SVM-MLP) technique as a solution approach to solving issues of low spam emails detection accuracy. The ensemble model was trained using forward propagation training technique and the performance was evaluated using five performance metrics of Accuracy, False Positive (FP) Rate, Precision, Recall and F-Measure.

Predicting User Susceptibility to Phishing Based on Multidimensional Features.

While antiphishing techniques have evolved over the years, phishing remains one of the most threatening attacks on current network security. This is because phishing exploits one of the weakest links in a network system—people. The purpose of this research is to predict the possible phishing victims. In this study, we propose the multidimensional phishing susceptibility prediction model (MPSPM) to implement the prediction of user phishing susceptibility. We constructed two types of emails: legitimate emails and phishing emails. We gathered 1105 volunteers to join our experiment by recruiting volunteers. We sent these emails to volunteers and collected their demographic, personality, knowledge experience, security behavior, and cognitive processes by means of a questionnaire. We then applied 7 supervised learning methods to classify these volunteers into two categories using multidimensional features: susceptible and nonsusceptible. The experimental results indicated that some machine learning methods have high accuracy in predicting user phishing susceptibility, with a maximum accuracy rate of 89.04%. We conclude our study with a discussion of our findings and their future implications.

Character and Word Embeddings for Phishing Email Detection

Phishing attacks are among the most common malicious activities on the Internet. During a phishing attack, cybercriminals present themselves as a trusted organization or individual. Their goal is to lure people to enter their private information, such as passwords and bank card numbers, while believing that nothing malicious is happening. The attack often starts with a phishing email, which is an email that is very similar to a legitimate email, but usually contains links to malicious websites or uses some other techniques to mislead victims. To prevent phishing attacks, it is crucial to detect phishing emails and remove them from email inbox folders. In this paper, a neural network based phishing email detection model is proposed. In comparison to some earlier approaches, our model does not use manually engineered input features. It learns character and word embeddings directly from email texts, and uses them to extract local and global features using convolutional and recurrent layers, respectively. Our model is tested on the two commonly used datasets for phishing email detection, the SpamAssassin Public Corpus and Nazario Phishing Corpus, and it achieves an accuracy of 99.81 % and F_1-score of 99.74 %, which is on par or better than the current state-of-the-art approaches.