Phishing emails exploit various psychological strategies, yet little is known about how different categories of such tactics affect user detection accuracy. In this study, we evaluated the user performance in identifying phishing emails that employ various psychological manipulation techniques. We classify phishing emails into five categories based on well-established behavioral frameworks and conduct a user study with 55 participants to assess the detection accuracy in these categories. The results reveal significant variations in human performance. Participants are more accurate in detecting phishing emails that attempt to create pressure on the reader suggesting other recipients have acted similarly. In contrast, phishing emails that exploit emotions and mimic familiar individuals using casual language or personal cues are harder to detect. Our findings highlight the need for category-specific phishing awareness strategies to help users recognize and respond to the most deceptive email types. This study informs the development of human-centered cybersecurity interventions, educational tools, and detection systems to capture the psychological tactics used in phishing attempts, thus improving both safety and security.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Trick or Treat: A Study of Human Detection of Manipulative Tactics in Phishing Emails

  • Arifa Islam Champa,
  • Md Fazle Rabbi,
  • Farjana Eishita,
  • Minhaz Zibran

摘要

Phishing emails exploit various psychological strategies, yet little is known about how different categories of such tactics affect user detection accuracy. In this study, we evaluated the user performance in identifying phishing emails that employ various psychological manipulation techniques. We classify phishing emails into five categories based on well-established behavioral frameworks and conduct a user study with 55 participants to assess the detection accuracy in these categories. The results reveal significant variations in human performance. Participants are more accurate in detecting phishing emails that attempt to create pressure on the reader suggesting other recipients have acted similarly. In contrast, phishing emails that exploit emotions and mimic familiar individuals using casual language or personal cues are harder to detect. Our findings highlight the need for category-specific phishing awareness strategies to help users recognize and respond to the most deceptive email types. This study informs the development of human-centered cybersecurity interventions, educational tools, and detection systems to capture the psychological tactics used in phishing attempts, thus improving both safety and security.