Posted on 2024-12-12, 08:24, authored by Maxime Veit, Oliver Wiese, Fabian Lucas Ballreich, Melanie Volkamer, Douglas Engels, Peter Mayer
User deception in emails is still one of the biggest security risks that companies and end-users alike face. Attackers try to mislead their victims when assessing whether emails are dangerous to interact with, e.g., by using techniques based on dangerous links, dangerous attachments, or both. In this work, we present a systematic literature research of deception techniques discussed in the scientific literature of the last decade. We systematize the deception techniques, focusing on techniques that use misleading sender, link, and/or attachment information. We identify 23 deception techniques, which we classify as either those that email clients should protect users against (13) or those that email clients cannot protect against and thus should be addressed in security awareness measures (10). We propose a security rating for the susceptibility of email clients to these 13 deception techniques and perform an empirical evaluation to analyze the susceptibility of seven representative email clients (web, mobile apps, desktop apps) to these deception techniques. The results of our evaluation indicate that most email clients are in need of improvement to defend against the deception techniques. Hardening email clients against these deception techniques is necessary to increase the resistance against them without unnecessarily burdening users.
Primary Research Area: Empirical and Behavioral Security
CISPA Affiliation: Yes
Journal: Computers & Security
Page Range: 104197-104197
Publisher: Elsevier
Open Access Type: Not Open Access
Sub Type: Article
BibTeX
@article{Veit:Wiese:Ballreich:Volkamer:Engels:Mayer:2024,
  title = "SoK: The past decade of user deception in emails and today’s email clients’ susceptibility to phishing techniques",
  author = "Veit, Maxime and Wiese, Oliver and Ballreich, Fabian Lucas and Volkamer, Melanie and Engels, Douglas and Mayer, Peter",
  year = 2024,
  month = 11,
  journal = "Computers \& Security",
  pages = "104197--104197",
  publisher = "Elsevier",
  issn = "0167-4048",
  doi = "10.1016/j.cose.2024.104197"
}