What to Phish in a Subject?

  • Ana FerreiraEmail author
  • Rui Chilro
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10323)


Phishing emails have come to stay. They have evolved and adapted to become more sophisticated and targeted so to appear more realistic and, therefore, more effective. But why does a user decide to open such emails? This paper focuses on the content of subject lines from phishing emails, a main piece which can trigger the user into deciding whether to (potentially) become a victim. The authors analyzed 788 subject lines from phishing emails collected over a one year period and found that the most common subject lines pretend to come from government or well known organizations and mostly integrate the authority and distraction principles of persuasion. The majority of subject lines include targeted keywords/expressions that provide the recipient with a feeling of social presence that heightens the realization that a message comes from a trustworthy person. This study shows that a small sentence can go a long way. An email subject line can include a high persuasive power to more successfully grab users’ attention and increase the likelihood of that email being opened and responded to.



The authors would like to thank Professor Richard Clayton for kindly supplying the sample used in this study.

This work was supported by the project “NORTE-01-0145-FEDER-000016” (NanoSTIMA) that is financed by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF).


  1. 1.
    Symantec: Internet security threat report. Technical report 21, April 2016.
  2. 2.
    Cloudmark Security Blog: Survey reveals spear phishing as a top security concern to enterprises (2016)Google Scholar
  3. 3.
    Verizon: 2015 data breach iinvestigation report. Technical report (2015).
  4. 4.
    Balakrishnan, R., Parekh, R.: Learning to predict subject-line opens for large-scale email marketing. In: 2014 IEEE International Conference on Big Data (Big Data), pp. 579–584, October 2014Google Scholar
  5. 5.
    Olsen, E.: New phishing research: 5 most dangerous email subjects, top 10 hosting countries. Technical report, Websense Security Labs (2013).
  6. 6.
    Hamid, A., Kim, T.-H.: Using feature selection and classification scheme for automating phishing email detection. Stud. Inf. Control 22(1), 61–70 (2013). ISSN 1220-1766Google Scholar
  7. 7.
    Islam, R., Abawajy, J.: A multi-tier phishing detection and filtering approach. J. Netw. Comput. Appl. 36(1), 324–335 (2013)CrossRefGoogle Scholar
  8. 8.
    Vishwanath, A., Herath, T., Chen, R., Wang, J., Rao, H.R.: Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model. Decis. Support Syst. 51(3), 576–586 (2011)CrossRefGoogle Scholar
  9. 9.
    Harrison, B., Vishwanath, A., Jie, N., Ragov, R.: Examining the impact of presence on individual phishing victimization. In: Hawaii International Conference on System Sciences (2015)Google Scholar
  10. 10.
    Jakobsson, M., Tsow, A., Shah, A., Blevis, E., Lim, Y.-K.: What instills trust? A qualitative study of phishing. In: Dietrich, S., Dhamija, R. (eds.) FC 2007. LNCS, vol. 4886, pp. 356–361. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  11. 11.
    Sappleton, N., Lourenco, F.: Email subject lines and response rates to invitations to participate in a web survey and a face-to-face interview: the sound of silence. Int. J. Soc. Res. Methodol. 19(5), 611–622 (2016)CrossRefGoogle Scholar
  12. 12.
    Jones, S., Payne, S., Hicks, B., Gopsill, J., Snider, C.: Subject lines as sensors: co-word analysis of email to support the management of collaborative engineering work. In: International Conference on Engineering Design 2015 (ICED 2015), July 2015Google Scholar
  13. 13.
    Jakobsson, M.: Understanding Social Engineering Based Scams. Springer, New York (2016). CrossRefGoogle Scholar
  14. 14.
    Ferreira, A., Coventry, L., Lenzini, G.: Principles of persuasion in social engineering and their use in phishing. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 36–47. Springer, Cham (2015). CrossRefGoogle Scholar
  15. 15.
    Cialdini, R.B.: Influence: The Psychology of Persuasion (Revision Edition). Harper Business (2007)Google Scholar
  16. 16.
    Gragg, D.: A multi-level defense against social engineering. Technical report, SANS Institute - InfoSec Reading Room (2003)Google Scholar
  17. 17.
    Stajano, F., Wilson, P.: Understanding scam victims: seven principles for systems security. Commun. ACM 54(3), 70–75 (2011)CrossRefGoogle Scholar
  18. 18. Text analyzer.
  19. 19.
    Minsky, M.: Telepresence. OMNI Mag. 3, 45–51 (1980)Google Scholar

Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  1. 1.CINTESIS - Center for Health Technologies and Services Research, Faculty of MedicineUniversity of PortoPortoPortugal
  2. 2.Universidade DigitalUniversity of PortoPortoPortugal

Personalised recommendations