TY - GEN
T1 - Content analysis of persuasion principles in mobile instant message phishing
AU - Ahmad, Rufai
AU - Terzis, Sotirios
AU - Renaud, Karen
N1 - © 2023, IFIP International Federation for Information Processing.
Data availability statement:
Not present.
PY - 2023/7/26
Y1 - 2023/7/26
N2 - The popularity of Mobile Instant Messaging (MIM) Applications (apps) presents cybercriminals with a new venue for sending deceptive messages, known as ‘Phishing’. MIM apps often lack technical safeguards to shield users from these messages. The first step towards developing anti-phishing solutions to identify phishing messages in any attack vector is understanding the nature of the attacks. However, such understanding is lacking for MIM-enabled phishing. This study provides insights into how phishers apply persuasion principles in MIM phishing. Using the deductive content analysis method and Cialdini’s six principles of persuasion, this study identified and analysed 67 examples of real-world MIM phishing attacks from various online sources. Each phishing example was coded to identify the persuasion techniques used and how they were applied. Findings reveal that the principles of social proof, liking, and authority were most widely used in MIM phishing, followed by scarcity and reciprocity. Furthermore, most of the phishing examples contained three persuasion principles, most often a combination of authority, liking, and social proof. These findings provide insights into how phishers execute phishing in MIM apps and provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps and the development of anti-phishing solutions to identity phishing in MIM.
AB - The popularity of Mobile Instant Messaging (MIM) Applications (apps) presents cybercriminals with a new venue for sending deceptive messages, known as ‘Phishing’. MIM apps often lack technical safeguards to shield users from these messages. The first step towards developing anti-phishing solutions to identify phishing messages in any attack vector is understanding the nature of the attacks. However, such understanding is lacking for MIM-enabled phishing. This study provides insights into how phishers apply persuasion principles in MIM phishing. Using the deductive content analysis method and Cialdini’s six principles of persuasion, this study identified and analysed 67 examples of real-world MIM phishing attacks from various online sources. Each phishing example was coded to identify the persuasion techniques used and how they were applied. Findings reveal that the principles of social proof, liking, and authority were most widely used in MIM phishing, followed by scarcity and reciprocity. Furthermore, most of the phishing examples contained three persuasion principles, most often a combination of authority, liking, and social proof. These findings provide insights into how phishers execute phishing in MIM apps and provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps and the development of anti-phishing solutions to identity phishing in MIM.
U2 - 10.1007/978-3-031-38530-8_26
DO - 10.1007/978-3-031-38530-8_26
M3 - Conference contribution
AN - SCOPUS:85172704158
SN - 9783031385292
SN - 9783031385322
T3 - IFIP Advances in Information and Communication Technology
SP - 324
EP - 336
BT - Human Aspects of Information Security and Assurance
A2 - Furnell, Steven
A2 - Clarke, Nathan
PB - Springer Science and Business Media Deutschland GmbH
CY - Cham
T2 - 17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023
Y2 - 4 July 2023 through 6 July 2023
ER -