Keywords
phishing email, phishing decision-making, user behavior.
Abstract
Phishing email is a crime in which a scammer sends an email to obtain sensitive data. Every day, phishing email attacks impact billions of people worldwide. Preparing users to better identify phishing and avoid risky engagement with it is essential to combat this threat. Because both phishing emails and email marketing target email clicks, we consider that scammers can use marketing practices in phishing emails to achieve their goals. However, the security research community has not deeply explored the similarities between phishing and email marketing. This study presents a distinctive framework known as Phishing Engagement Marketing Optimization (PEMO). The primary objective of PEMO is to provide practices commonly used in email marketing so that they can be applied to phishing simulations. This work presents the methodology for applying PEMO to phishing simulations and a hypothetical scenario to aid understanding. We also determined which PEMO practices have a significant effect on phishing email engagement. To address the research problem, we ran an experiment with 400 participants to evaluate how they engage with 100 emails, of which 92 were original emails and 8 were phishing emails. We also collected information about the motive behind the decision-making behavior. Results showed that lower-risk participants, classified here as non-offenders, were not able to recognize phishing that applied Usability and Influence practices or Persuasion and Usability practices. In addition, higher-risk participants, classified here as offenders, increased their reply and forward engagements with phishing that applied Persuasion practices. This work can help information security specialists better prepare users to avoid risky engagements with phishing attacks that apply marketing practices by designing phishing simulations that leverage those same practices.
Completion Date
2023
Semester
Fall
Committee Chair
Sawyer, Ben D
Degree
Doctor of Philosophy (Ph.D.)
College
College of Engineering and Computer Science
Department
Industrial Engineering and Management Systems
Degree Program
Industrial Engineering and Management Systems
Format
application/pdf
Identifier
DP0028459
Language
English
Release Date
June 2024
Length of Campus-only Access
None
Access Status
Doctoral Dissertation (Open Access)
Campus Location
Orlando (Main) Campus
STARS Citation
Castilho, Erica, "Navigating with Sharks: How the Marketing Practices Help to Create Successful Phishing Emails" (2023). Graduate Thesis and Dissertation 2023-2024. 254.
https://stars.library.ucf.edu/etd2023/254