The Pragmatics of Credential Phishing Email Scams
Peter Zillmann
Since 2012, much research has studied email-based phishing, but fewer studies have approached it from a pragmatic linguistic perspective, and none have focused on credential phishing. This paper compares 200 English-language email messages from two corpora, the University Scams Email Corpus and the Enron Corpus, using discourse analysis to assess and categorize the pragmatic methods used by criminals in credential phishing messages. Literature on current phishing defenses is reviewed, as is literature on the pragmatics, deception, and persuasion techniques used in credential phishing. We analyze the pragmatic methods by which criminals disguise their motives to avoid detection by electronic anti-phishing countermeasures and to avoid the suspicion of the potential victims who receive those messages. Credential phishing tactics include disguising a message as an alert of a message waiting, a warning of a tech upgrade, or a password expiration notification. Techniques include impersonation, fatigue, bafflement, and urgency. Analysis of the pragmatic strategies employed by cybercriminals, and the expressed motives in phishing messages, can improve detection methods to prevent tens of millions in cybercrime losses annually, and can enhance the online safety of email users. Avenues for further research are suggested, as are ways to adapt in response to a changing cybercrime landscape.