Keywords

phishing email, phishing decision-making, user behavior.

Abstract

A phishing email is a crime where a scammer sends an email to get sensitive data. Everyday phishing email attacks impact billions of people worldwide. Preparing users to better identify phishing and avoid risky engagement with it is essential to combat this threat. We consider that as phishing emails and email marketing aim to target email clicks, scammers can use marketing practices in phishing emails to achieve their goals. However, the security research community doesn't explore deeply the similarities between phishing and email marketing. This study presents a distinctive framework known as the Phishing Engagement Marketing Optimization (PEMO). The primary objective of PEMO is to provide practices commonly used in email marketing to be applied to phishing simulations. This work presents the methodology to apply PEMO to phishing simulations and a hypothetical scenario to help understanding. We also determined which PEMO practices have a significant effect on phishing email engagement. To address the research problem, we ran an experiment with 400 participants to evaluate how they engage with 100 emails, where 92 were original emails and 8 were phishing emails. We also collected information about the motive of the decision-making behavior. Results showed that lower-risk participants, classified here as non-offenders, were not able to recognize phishing which applied Usability and Influence or Persuasion and Usability practices. In addition, higher-risk participants, classified here as offenders, increased replied and forwarded engagements with phishing which applied Persuasion practices. This work can help information security specialists better prepare users to avoid risky engagements with phishing attacks that apply marketing practices by designing phishing simulations that leverage those same practices.

Completion Date

2023

Semester

Fall

Committee Chair

Sawyer, Ben D

Degree

Doctor of Philosophy (Ph.D.)

College

College of Engineering and Computer Science

Department

Industrial Engineering and Management Systems

Degree Program

Industrial Engineering and Management Systems

Format

application/pdf

Identifier

DP0028459

Language

English

Release Date

June 2024

Length of Campus-only Access

None

Access Status

Doctoral Dissertation (Open Access)

Campus Location

Orlando (Main) Campus

Share

COinS