Exposing the Phish: The Effect of Persuasion Techniques in Phishing E-Mails

Koddebusch, Michael


Abstract

With ever-increasing amounts of data collected from citizens and businesses in Smart City environments, public administration agencies manifest their position as central data holders. However, this great ownership of data makes them a target of cybercriminals on the hunt for illicit enrichment. The predominantly used type of cybercrime is phishing and increasingly spear phishing, a more personal, target-oriented kind of phishing. Such attacks make use of so-called persuasion techniques to lure their victims. In this study, four persuasion techniques, namely Authority, Urgency, Danger and Benefit, were tested for effectiveness in a two-phased field experiment cooperating with four German municipalities. In total, 3452 fake phishing e-mails were sent to 1276 public officials. Results show that the persuasion technique of Authority has worked best and therefore presumably poses the biggest threat to the information integrity of public sector agencies, followed by Urgency, Benefit and Danger. Additionally, the study provides insight on the potential impact of the effects of constant exposure to phishing and shows that the degree of domain-specificity of attacks impacts the susceptibility of victims.

Keywords
smart city; phishing; spear phishing; persuasion techniques; human error; cybersecurity; experiment



Publication type
Forschungsartikel in Sammelband (Konferenz)

Peer reviewed
Yes

Publication status
Published

Year
2022

Conference
dgo. 2022: 23rd Annual International Conference on Digital Government Research

Venue
Seoul

Book title
Proceedings of the 23rd Annual International Conference on Digital Government Research (DG.O 2022)

Editor
Hagen, Loni; Solvak, Mihkel; Hwang Sungsoo

Start page
78

End page
87

Volume
23

Title of series
Intelligent Technologies, Governments and Citizens

Publisher
Association for Computing Machinery

Place
New York

Language
English

ISBN
978-1-4503-9749-0

DOI