Quantifying Psychological Sophistication of Malicious Emails

Malicious emails (including Phishing, Spam, and Scam) are one significant class of cyber social engineering attacks. Despite numerous defenses to counter them, the problem remains largely open. The ineffectiveness of current defenses can be attributed to our superficial understanding of the psycholo...

Bibliographic details
Published in: IEEE access 2024, Vol.12, p.187512-187535
Main authors: Tangie Longtchi, Theodore, Montanez Rodriguez, Rosana, Gwartney, Kora, Ear, Ekzhin, Azari, David P., Kelley, Christopher P., Xu, Shouhuai
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 187535
container_issue
container_start_page 187512
container_title IEEE access
container_volume 12
creator Tangie Longtchi, Theodore
Montanez Rodriguez, Rosana
Gwartney, Kora
Ear, Ekzhin
Azari, David P.
Kelley, Christopher P.
Xu, Shouhuai
description Malicious emails (including Phishing, Spam, and Scam) are one significant class of cyber social engineering attacks. Despite numerous defenses to counter them, the problem remains largely open. The ineffectiveness of current defenses can be attributed to our superficial understanding of the psychological properties that make these attacks successful. This problem motivates us to investigate the psychological sophistication, or sophistication for short, of malicious emails. We propose an innovative framework that accommodates two important and complementary aspects of sophistication, dubbed Psychological Techniques (PTechs) and Psychological Tactics (PTacs). We propose metrics and grading rules for human experts to assess the sophistication of malicious emails via the lens of these PTechs and PTacs. To demonstrate the usefulness of the framework, we conduct a case study based on 1,036 malicious emails assessed by four independent graders. Our results show that malicious emails are psychologically sophisticated, while exhibiting both commonalities and different patterns in terms of their PTechs and PTacs. Results also show that previous studies might have focused on dealing with the less proliferated PTechs (e.g., Persuasion) and PTacs (e.g., Reward), rather than the most proliferated PTechs (e.g., Attention Grabbing and Impersonation) and PTacs (e.g., Fit & Form and Familiarity) that are identified in this study. We also found among others that social events are widely exploited by attackers in contextualizing their malicious emails. These findings could be leveraged to guide the design of effective defenses against malicious emails.
doi_str_mv 10.1109/ACCESS.2024.3514603
format Article
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2024, Vol.12, p.187512-187535
issn 2169-3536
2169-3536
language eng
recordid cdi_ieee_primary_10788677
source IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects cyber social engineering attacks
Cybersecurity metrics
Electronic mail
malicious emails
Measurement
Phishing
Prevention and mitigation
psychological factors
psychological sophistication
psychological tactics
psychological techniques
Psychology
Systematics
Uniform resource locators
Unsolicited e-mail
Visualization
Weapons
title Quantifying Psychological Sophistication of Malicious Emails
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-05T05%3A24%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Quantifying%20Psychological%20Sophistication%20of%20Malicious%20Emails&rft.jtitle=IEEE%20access&rft.au=Tangie%20Longtchi,%20Theodore&rft.date=2024&rft.volume=12&rft.spage=187512&rft.epage=187535&rft.pages=187512-187535&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2024.3514603&rft_dat=%3Cproquest_ieee_%3E3146587134%3C/proquest_ieee_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3146587134&rft_id=info:pmid/&rft_ieee_id=10788677&rft_doaj_id=oai_doaj_org_article_09b6f5e2478d49cc83f2c5300a16ff67&rfr_iscdi=true