Phishing by email is a crime in which a scammer sends an email to obtain sensitive data. Every day, phishing email attacks impact billions of people worldwide. Preparing users to better identify phishing and avoid risky engagement with it is essential to combat this threat. Because both phishing emails and email marketing aim to drive email clicks, we consider that scammers can use marketing practices in phishing emails to achieve their goals. However, the security research community has not deeply explored the similarities between phishing and email marketing. This study presents a distinctive framework known as Phishing Engagement Marketing Optimization (PEMO). The primary objective of PEMO is to provide practices commonly used in email marketing that can be applied to phishing simulations. This work presents the methodology for applying PEMO to phishing simulations and a hypothetical scenario to aid understanding. We also determined which PEMO practices have a significant effect on phishing email engagement. To address the research problem, we ran an experiment with 400 participants to evaluate how they engage with 100 emails, of which 92 were original emails and 8 were phishing emails. We also collected information about the motives behind their decision-making behavior. Results showed that lower-risk participants, classified here as non-offenders, were not able to recognize phishing that applied Usability and Influence or Persuasion and Usability practices. In addition, higher-risk participants, classified here as offenders, increased their reply and forward engagements with phishing that applied Persuasion practices. This work can help information security specialists better prepare users to avoid risky engagements with phishing attacks that apply marketing practices by designing phishing simulations that leverage those same practices.
Identifier | oai:union.ndltd.org:ucf.edu/oai:stars.library.ucf.edu:etd2023-1014 |
Date | 01 January 2023 |
Creators | Castilho, Erica |
Publisher | STARS |
Source Sets | University of Central Florida |
Language | English |
Detected Language | English |
Type | text |
Format | application/pdf |
Source | Graduate Thesis and Dissertation 2023-2024 |