CISPA
Browse

SoK: The past decade of user deception in emails and today’s email clients’ susceptibility to phishing techniques

Download (5.6 MB)
journal contribution
posted on 2024-12-12, 08:24 authored by Maxime Veit, Oliver Wiese, Fabian Lucas Ballreich, Melanie Volkamer, Douglas Engels, Peter Mayer
User deception in emails is still one of the biggest security risks companies and end-users face alike. Attackers try to mislead their victims when assessing whether emails are dangerous to interact with, e.g., by using techniques based on dangerous links, dangerous attachments, or both. In this work, we present a systematic literature research of deception techniques discussed in the scientific literature of the last decade. We systematize the deception techniques, focusing on techniques that use misleading sender, link, and/or attachment information. We identify 23 deception techniques which we classify as either those that email clients should protect users against (13) and those that email clients cannot protect against and thus should be addressed in security awareness measures (10). We propose a security rating for the susceptibility of email clients to these 13 deception techniques and perform an empirical evaluation to analyze the susceptibility of seven representative email clients (web, mobile apps, desktop apps) to these deception techniques. The results of our evaluation indicate that most email clients are in need of improvement to defend against the deception techniques. Hardening email clients against these deception techniques is necessary to increase the resistance against them — without unnecessarily burdening users.

History

Primary Research Area

  • Empirical and Behavioral Security

CISPA Affiliation

  • Yes

Journal

Computers & Security

Page Range

104197-104197

Publisher

Elsevier

Open Access Type

  • Not Open Access

Sub Type

  • Article

BibTeX

@article{Veit:Wiese:Ballreich:Volkamer:Engels:Mayer:2024, title = "SoK: The past decade of user deception in emails and today’s email clients’ susceptibility to phishing techniques", author = "Veit, Maxime" AND "Wiese, Oliver" AND "Ballreich, Fabian Lucas" AND "Volkamer, Melanie" AND "Engels, Douglas" AND "Mayer, Peter", year = 2024, month = 11, journal = "Computers & Security", pages = "104197--104197", publisher = "Elsevier", issn = "0167-4048", doi = "10.1016/j.cose.2024.104197" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC