What to Phish in a Subject?
Phishing emails have come to stay. They have evolved and adapted to become more sophisticated and targeted so to appear more realistic and, therefore, more effective. But why does a user decide to open such emails? This paper focuses on the content of subject lines from phishing emails, a main piece which can trigger the user into deciding whether to (potentially) become a victim. The authors analyzed 788 subject lines from phishing emails collected over a one year period and found that the most common subject lines pretend to come from government or well known organizations and mostly integrate the authority and distraction principles of persuasion. The majority of subject lines include targeted keywords/expressions that provide the recipient with a feeling of social presence that heightens the realization that a message comes from a trustworthy person. This study shows that a small sentence can go a long way. An email subject line can include a high persuasive power to more successfully grab users’ attention and increase the likelihood of that email being opened and responded to.
The authors would like to thank Professor Richard Clayton for kindly supplying the sample used in this study.
This work was supported by the project “NORTE-01-0145-FEDER-000016” (NanoSTIMA) that is financed by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF).
- 1.Symantec: Internet security threat report. Technical report 21, April 2016. https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf
- 2.Cloudmark Security Blog: Survey reveals spear phishing as a top security concern to enterprises (2016)Google Scholar
- 3.Verizon: 2015 data breach iinvestigation report. Technical report (2015). https://msisac.cisecurity.org/whitepaper/documents/1.pdf
- 4.Balakrishnan, R., Parekh, R.: Learning to predict subject-line opens for large-scale email marketing. In: 2014 IEEE International Conference on Big Data (Big Data), pp. 579–584, October 2014Google Scholar
- 5.Olsen, E.: New phishing research: 5 most dangerous email subjects, top 10 hosting countries. Technical report, Websense Security Labs (2013). https://blogs.forcepoint.com/security-labs/new-phishing-research-5-most-dangerous-email-subjects-top-10-hosting-countries-0
- 6.Hamid, A., Kim, T.-H.: Using feature selection and classification scheme for automating phishing email detection. Stud. Inf. Control 22(1), 61–70 (2013). ISSN 1220-1766Google Scholar
- 9.Harrison, B., Vishwanath, A., Jie, N., Ragov, R.: Examining the impact of presence on individual phishing victimization. In: Hawaii International Conference on System Sciences (2015)Google Scholar
- 12.Jones, S., Payne, S., Hicks, B., Gopsill, J., Snider, C.: Subject lines as sensors: co-word analysis of email to support the management of collaborative engineering work. In: International Conference on Engineering Design 2015 (ICED 2015), July 2015Google Scholar
- 15.Cialdini, R.B.: Influence: The Psychology of Persuasion (Revision Edition). Harper Business (2007)Google Scholar
- 16.Gragg, D.: A multi-level defense against social engineering. Technical report, SANS Institute - InfoSec Reading Room (2003)Google Scholar
- 18.Online-Utility.org: Text analyzer. https://www.online-utility.org/text/analyzer.jsp
- 19.Minsky, M.: Telepresence. OMNI Mag. 3, 45–51 (1980)Google Scholar