Phishing Messages Research Articles

Spam and Phishing Whatsapp Message Filtering Application Using TF - IDF and Machine Learning Methods

The rapid development of communication technology has led to an increase in the number of unwanted messages, such as spam and phishing attempts. However, this progress has not been accompanied by sufficient user awareness of the basics of technology use. Additionally, the enforcement of laws regarding internet-based crimes remains unclear, further increasing the risk for users of internet technology to fall victim to such crimes. As one of the media prone to spam and phishing, WhatsApp is the focus of this research, which aims to develop an application capable of filtering spam and phishing messages. The application employs the TF-IDF (Term Frequency-Inverse Document Frequency) method and machine learning using the Random Forest model. It is developed using the MVVM (Model-View-ViewModel) architecture, enabling the separation of business logic from the user interface, thereby improving development and maintenance efficiency. The research findings demonstrate that the combination of TF-IDF and Random Forest achieves high accuracy in classifying spam and phishing messages. Performance evaluation using a confusion matrix reveals an accuracy rate of 92%. For the safe message class, the precision, recall, and F1 scores are 89%, 95%, and 92%, respectively, while for the dangerous message class, the scores are 95%, 88%, and 92%, respectively. Furthermore, the integration of the model and application performed exceptionally well, as evidenced by black-box testing results. All test scenarios were met, successfully detecting test messages with 98% accuracy. Therefore, the developed application provides enhanced protection for WhatsApp users against digital threats.

Indonesian SMEs and Cybersecurity: Developing Instrument to Test SMEs Owners’ Capability in Detecting Phishing Emails

In recent years, phishing attacks have gotten more complicated and harder to detect. Technology-based preventative approaches have become utterly ineffective. Users of electronic mails are eventually the most essential factor in identifying phishing scams. Small and medium-sized enterprise (SMEs) are more susceptible to spear-phishing attacks as their reliance of internet-based services increases, yet most of them lack skills in implementing preventive measures against phishing. This study identified the characteristics of phishing emails and designed an instrument to assess the level of individual knowledge in detecting various phishing messages. This instrument is primarily designed for SMEs. The instrument is to be used not only as a testing tool for phishing detection skills, but also as the foundation for generating training materials or phishing detection guidelines for SMEs

Exploiting Human Trust in Cybersecurity: Which Trust Development Process Is Predominant in Phishing Attacks?

Humans live in an interconnected world that is increasingly featured with virtual interactions in cyberspace. That world has raised cybersecurity concerns, particularly regarding the exploitation of human trust through various means, such as phishing. Phishing remains one of the most prevalent forms of cybercrime. It exploits human trust to manipulate individuals into divulging sensitive information. This study investigates the trust development mechanisms most exploited by cybercriminals in phishing attacks. It focuses on two primary trust development processes: relationship history and future expectations. The study uses qualitative content analysis of 42 phishing messages collected from diverse secondary sources. The findings reveal that future expectations—such as promises of rewards, urgent requests, or threats of penalties—dominate phishing tactics. In contrast, relationship history mechanisms exploit existing or fabricated relationships to evoke trust and compliance. These findings provide critical insights into the psychological manipulations leveraged in phishing schemes and highlight the need to integrate behavioural and cognitive principles into cybersecurity education. Practical implications include tailored training programs for distinct user groups, such as seniors, employees, and students. The training should emphasise recognising urgency cues, emotional manipulation, and verification strategies.

Influence of WhatsApp Online Phishing Messages on Data Security among Undergraduates in Anambra State

Due to the widespread sharing of phishing emails on WhatsApp, university students face a high risk of data breaches. This study examines the impact of WhatsApp phishing messages on data security among students at Chukwuemeka Odumegwu Ojukwu University Igbariam, Anambra State. The research collected survey data from 375 students out of 17,055 based on their population and adopted Social Cognitive Theory as the theoretical framework. The findings indicate that most students are aware of these phishing messages, with scam emails and fake login pages being the most common forms. Additionally, most students believe these messages threaten their data security. The study suggests holding regular educational campaigns to address this problem. This study sheds light on the alarming risks of online phishing, revealing the vulnerabilities that university students face every day. The study aims to educate, empower, and protect students from cyber threats, fostering a safer digital campus community.

The influence of affective processing on phishing susceptibility

ABSTRACT The heightened sophistication of phishing attacks results in billions of dollars of financial losses, loss of intellectual property, and reputational damage to organisations. Past work examining determinants of phishing susceptibility has been dominated by cognitive theoretical perspectives. However, recent research has also revealed the importance of emotion in phishing susceptibility. This study expands our understanding of phishing susceptibility by adopting an affective lens. Using an integrative perspective of emotion, we build on the Affective Infusion Model (AIM) to predict the effects of valence, certainty, and arousal on phishing susceptibility. We pilot our manipulations (N = 241) and then test our hypotheses using a mock phishing experiment (N = 474) in which phishing messages are sent directly to participant inboxes. We demonstrate that messages inducing positive valence and low certainty result in higher phishing susceptibility. This study contributes to phishing literature by illuminating the critical role that emotion plays in altering recipients’ susceptibility in the processing of phishing messages and has implications for scholars, practitioners, and organisations.

Detection of Korean Phishing Messages Using Biased Discriminant Analysis under Extreme Class Imbalance Problem

In South Korea, the rapid proliferation of smartphones has led to an uptick in messenger phishing attacks associated with electronic communication financial scams. In response to this, various phishing detection algorithms have been proposed. However, collecting messenger phishing data poses challenges due to concerns about its potential use in criminal activities. Consequently, a Korean phishing dataset can be composed of imbalanced data, where the number of general messages might outnumber the phishing ones. This class imbalance problem and data scarcity can lead to overfitting issues, making it difficult to achieve high performance. To solve this problem, this paper proposes a phishing messages classification method using Biased Discriminant Analysis without resorting to data augmentation techniques. In this paper, by optimizing the parameters for BDA, we achieved exceptionally high performances in the phishing messages classification experiment, with 95.45% for Recall and 96.85% for the BA metric. Moreover, when compared with other algorithms, the proposed method demonstrated robustness against overfitting due to the class imbalance problem and exhibited minimal performance disparity between training and testing datasets.

Phishing like the first step to gaining access

Phishing as a term that means the technique of sending phishing messages will be re-searched based on findings in public access and using the listed links. The process of a phish-ing attack will be analyzed, and then we will pay attention to the technical vectors of how us-ers become victims of the attack. Finally, existing research on phishing attacks and related prevention approaches will be reviewed. Mitigating phishing attacks is an important research topic worth exploring. Although a lot of research has been done, this threat still exists in the real world, and its prevalence is constantly increasing. According to research results, detecting phishing attacks is a difficult problem. There are two main strategies used to mitigate phishing attacks; or improving the performance of phishing detection technology or improving people's awareness of these at-tacks. Developing human expertise is a key way to defeat phishing attacks, as phishing attacks exploit human weaknesses rather than network weaknesses. Also, humans are always the weakest link in social engineering attacks. Compared to phishing website detection, phishing email detection may require user in-volvement to achieve better detection results. Because the success of a phishing email de-pends on its context. Specifically, when the premise of the phishing email is consistent with the user's work context (or current situation). Most anti-phishing solutions are implemented to mitigate general phishing attacks, but they ignore some specific situations, such as advanced phishing attacks. To prevent advanced phishing attacks, phishing websites are difficult to detect if a victim is attacked using stolen DNS data because the URL content and website content are the same as legitimate websites. Most content-based approaches may not work because the content of the accessed URL is an important factor in the decision. To prevent subdomain hijacking attacks, it is difficult to detect a phishing website if the phishers have hosted the website on a subdomain taken from a legitimate website. Regardless of the web content, URL, and SSL certificate information, they will all be the same as the le-gitimate website. Moreover, the approach to enumeration of subdomains needs improvement, as most current tools are based on rough enumeration, existing dictionaries may not cover all instances of subdomains, as some subdomains may be meaningless.

Determining psycholinguistic features of deception in phishing messages

PurposeDistinguishing phishing emails from legitimate emails continues to be a difficult task for most individuals. This study aims to investigate the psycholinguistic factors associated with deception in phishing email text and their effect on end-user ability to discriminate phishing emails from legitimate emails.Design/methodology/approachEmail messages and end-user decisions collected from a laboratory phishing study were validated and analyzed using natural language processing methods (Linguistic Inquiry Word Count) and penalized regression models (LASSO and Elastic Net) to determine the linguistic dimensions that attackers may use in phishing emails to deceive end-users and measure the impact of such choices on end-user susceptibility to phishing.FindingsWe found that most participants, who played the role of a phisher in the study, chose to deceive their end-user targets by pretending to be a familiar individual and presenting time pressure or deadlines. Results show that use of words conveying certainty (e.g. always, never) and work-related features in the phishing messages predicted higher end-user vulnerability. On the contrary, use of words that convey achievement (e.g. earn, win) or reward (cash, money) in the phishing messages predicted lower end-user vulnerability because such features are usually observed in scam-like messages.Practical implicationsInsights from this research show that analyzing emails for psycholinguistic features associated with computer-mediated deception could be used to fine-tune and improve spam and phishing detection technologies. This research also informs the kinds of phishing attacks that must be prioritized in antiphishing training programs.Originality/valueApplying natural language processing and statistical modeling methods to analyze results from a laboratory phishing experiment to understand deception from both attacker and end-user is novel. Furthermore, results from this work advance our understanding of the linguistic factors associated with deception in phishing email text and its impact on end-user susceptibility.

A Survey of Intelligent Detection Designs of HTML URL Phishing Attacks

Phishing attacks are a type of cybercrime that has grown in recent years. It is part of social engineering attacks where an attacker deceives users by sending fake messages using social media platforms or emails. Phishing attacks steal users’ information or download and install malicious software. They are hard to detect because attackers can design a phishing message that looks legitimate to a user. This message may contain a phishing URL so that even an expert can be a victim. This URL leads the victim to a fake website that steals information, such as login information, payment information, etc. Researchers and engineers work to develop methods to detect phishing attacks without the need for the eyes of experts. Even though many papers discuss HTML and URL-based phishing detection methods, there is no comprehensive survey to discuss these methods. Therefore, this paper comprehensively surveys HTML and URL phishing attacks and detection methods. We review the current state-of-art deep learning models to detect URL-based and hybrid-based phishing attacks in detail. We compare each model based on its data preprocessing, feature extraction, model design, and performance.

Tracking Phishing Messages in Cyber Security

Tracking Phishing Messages in Cyber Security

Development of Mobile Application that Detects Phishing Messages to Decrease the Percentage of Data Theft during the COVID-19 Pandemic

The COVID-19 pandemic has established not only a health emergency, but has generated an emergency in the control of personal data of all those people who make use of technological means, which increased the activity of phishing which consists of the theft of personal data through the circulation of false information through the different social networks, in addition, the circulation with messages related to the cure of this disease only for the theft of data. This research develops a mobile application that detects malicious URLs found within the content of textmessages. The developed application performs an analysis of the URLs according to the database that is updated with each attack detected, performing a blocking of the content and notifies the user of the actions that canbetaken, with this the theft of the personal data of the users is avoided. This application is very useful for all those people who use mobile equipment (mobile) and have no knowledge of these types of attacks, since they are likely to perform the actions that the perpetrators foresee for the obtaining of their personal data, so this application provides a means of security against these types of phishing attacks.

Мethod of analysis for analyzing phishing messages

The development and widespread introduction of the Internet into everyday life has transformed both economic and social relations. The representation of these relations in digital form has created a digital economy, characterized by an active exchange of information, quick access to information resources, and the transfer of payments to the digital dimension. Social relations in the digital world are represented by social networks, instant messengers, which also provide economic services. At the same time, the new space, the transformed economy and social relations give rise to new threats. Users themselves actively expose information about themselves and their loved ones, photos of vacations and locations to the public. In addition to social networking, viewing entertainment content and online games, bank settlement transactions are popular. The popularization of Internet banking leads to an increased interest in stealing data from intruders. The result of this is an increase in the number of scammers who aim to obtain confidential user information. In addition, since the beginning of the war, the number of cyber attacks on public authorities, critical information infrastructure facilities and organizations containing critical information has increased. One of the well-known methods of stealing such information is phishing attacks. At the same time, most users underestimate the severity of these attacks and do not pay enough attention to protection systems. This, in turn, leads to wider consequences. Therefore, the problem to be solved is to present a method for analyzing phishing messages that can be used to reduce the probability of reaching the goal of a phishing attack. At the same time, it is known that attackers improve and modify the methods of implementing attacks, and therefore, classifying phishing attacks to increase user awareness is an urgent task. The result of the work is the proposed classification of phishing attacks and the presented method for analyzing phishing messages.

Phish Derby: Shoring the Human Shield Through Gamified Phishing Attacks

To better understand employees’ reporting behaviors in relation to phishing emails, we gamified the phishing security awareness training process by creating and conducting a month-long “Phish Derby” competition at a large university in the U.S. The university’s Information Security Office challenged employees to prove they could detect phishing emails as part of the simulated phishing program currently in place. Employees volunteered to compete for prizes during this special event and were instructed to report suspicious emails as potential phishing attacks. Prior to the beginning of the competition, we collected demographics and data related to the concepts central to two theoretical foundations: the Big Five personality traits and goal orientation theory. We found several notable relationships between demographic variables and Phish Derby performance, which was operationalized from the number of phishing attacks reported and employee report speed. Several key findings emerged, including past performance on simulated phishing campaigns positively predicted Phish Derby performance; older participants performed better than their younger colleagues, but more educated participants performed poorer; and individuals who used a mix of PCs and Macs at work performed worse than those using a single platform. We also found that two of the Big Five personality dimensions, extraversion and agreeableness, were both associated with poorer performance in phishing detection and reporting. Likewise, individuals who were driven to perform well in the Phish Derby because they desired to learn from the experience (i.e., learning goal orientation) performed at a lower level than those driven by other goals. Interestingly, self-reported levels of computer skill and the perceived ability to detect phishing messages failed to exhibit a significant relationship with Phish Derby performance. We discuss these findings and describe how focusing on motivating the good in employee cyber behaviors is a necessary yet too often overlooked component in organizations whose training cyber cultures are rooted in employee click rates alone.

The effects of personal values and message values on vulnerability to phishing

Phishing messages are designed to establish believability in the recipients, and to make them feel that the message is authentic. The current study examines the effect of personal values and of the values associated with the presumed sender on perceived authenticity of phishing messages. We tested two alternative hypotheses: (a) the value-congruency hypothesis contends that when the recipient's values match the underlying value of the message, the perception of authenticity increases; (b) the socially-shared values hypothesis suggests that messages that reflect the social image of the sender increase perception of authenticity. We further hypothesized that trust propensity moderates the effect of values on perception of phishing messages. Study 1 (N = 624) investigated and validated the values conveyed by bank messages. Study 2 (N = 309) tested the main hypotheses. Results supported the socially-shared values hypothesis. Trust propensity did not predict perceived authenticity of messages, and did not moderate the effect of the message value on perceived authenticity. The findings suggest that messages that fit the presumed sender's attributed values may be more risky, regardless of the receiver's values.

How Phishers Exploit the Coronavirus Pandemic: A Content Analysis of COVID-19 Themed Phishing Emails

This empirical study is an exploration of the influence methods, fear appeals, and urgency cues applied by phishers to trick or coerce users to follow instructions presented in coronavirus-themed phishing emails. To that end, a content analysis of 208 coronavirus-themed phishing emails has been conducted. We identified nine types of phishing messages crafted by phishers. Phishing emails purporting to provide information about the spread of the disease were the most common type of unsolicited emails. Authority, liking and commitment emerged as the most common influence methods. Fear appeals and urgency cues were present in almost all of the sampled phishing messages. Finally, the analysis of coronavirus-themed phishing emails revealed a shift in the modus operandi of phishers. The implications of these results are discussed in this paper.

Learning not to take the bait: a longitudinal examination of digital training methods and overlearning on phishing susceptibility

ABSTRACT As phishing becomes increasingly sophisticated and costly, interventions that improve and prolong resistance to attacks are needed. Previous research supported digital training as a method to reduce phishing susceptibility. However, the effects of training degrade with time. Therefore, we investigate overlearning as an approach that may increase skill retention through repetition and developing automaticity. We performed a longitudinal experiment crossing overlearning with anti-phishing digital training (rule-based, mindfulness, and control). Participants were tested using email identification tests (immediately following and 10 weeks after training) and mock phishing messages delivered to their inboxes (1 week and 8 weeks following training). Results showed that compared to rule-based training, mindfulness training resulted in significantly greater retention in terms of better email discrimination and less susceptibility to phishing attacks but similar levels of caution towards phishing after 2 months. Overlearning resulted in significantly less susceptibility to phishing attacks and more caution towards phishing compared to no overlearning but did not impact the digital training approaches. Even so, mindfulness was more beneficial compared to overlearning. Altogether, the results demonstrate the stability of the benefits of mindfulness training over time in terms of mitigating phishing susceptibility without influencing the chances of missing legitimate emails.

Diversity and inclusion at the ISJ

Diversity and inclusion at the <scp>ISJ</scp>

Mindless Response or Mindful Interpretation: Examining the Effect of Message Influence on Phishing Susceptibility

Influence-based deceptive messages constantly play a critical role in email phishing attacks. However, the literature lacks adequate understanding about how phishing messages with attractive and coercive influence result in the receivers’ adverse consequences. We therefore take the perspective of mindless response and mindful interpretation to address this issue by examining comprehensive relationships among message influence, cognitive processing, and phishing susceptibility. To accomplish this, a survey approach was adopted after a simulated phishing attack was conducted in campuses. Our empirical evidence shows that both message influence and cognitive processing can lead to people being phished, and a combination of different influences can also trigger cognitive processing. This research makes contributions to the literature of information security, persuading influence, and cognitive psychology.

How Experts Detect Phishing Scam Emails

Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduce the number of phishing emails received, they are not perfect and phishing remains one of the largest sources of security risk in technology and communication systems. To better understand the cognitive process that end users can use to identify phishing messages, I interviewed 21 IT experts about instances where they successfully identified emails as phishing in their own inboxes. IT experts naturally follow a three-stage process for identifying phishing emails. In the first stage, the email recipient tries to make sense of the email, and understand how it relates to other things in their life. As they do this, they notice discrepancies: little things that are "off'' about the email. As the recipient notices more discrepancies, they feel a need for an alternative explanation for the email. At some point, some feature of the email --- usually, the presence of a link requesting an action --- triggers them to recognize that phishing is a possible alternative explanation. At this point, they become suspicious (stage two) and investigate the email by looking for technical details that can conclusively identify the email as phishing. Once they find such information, then they move to stage three and deal with the email by deleting it or reporting it. I discuss ways this process can fail, and implications for improving training of end users about phishing.

Persuasive Appeals Predict Credibility Judgments of Phishing Messages

Two studies examined effects of using persuasive appeals in phishing messages on judgments of credibility. Participants were tasked with reading a combination of legitimate and phishing e-mails to determine whether each message was legitimate or a scam. In both Study 1 and Study 2, when phishing messages included more appeals to authority and likability, phishing susceptibility increased. However, as the number of fear and urgency appeals in the message increased, phishing susceptibility decreased, as it was easier for participants to detect the phishing attempt. Contrary to prediction, perceived source likability did not mediate the relationship between appeal type and credibility judgments. Results highlight the importance of authority appeals on credibility, describe relationships between appeal type and phishing susceptibility, and offer strategies for users to defend against online deception.