The Pragmatics of Credential Phishing Email Scams

The Pragmatics of Credential Phishing Email Scams

Peter Zillmann

Since 2012 much research has studied email-based phishing, but fewer studies have approached it from a pragmatic linguistic perspective, and none have focused on credential phishing. This paper compares 200 English-language email messages from two corpora: the University Scams Email Corpus and the Enron Corpus, using discourse analysis to assess and categorize the pragmatic methods used by criminals in credential phishing messages. Literature on current phishing defenses is reviewed, as is literature on the pragmatics, deception, and persuasion techniques used in credential phishing. We analyze the pragmatic methods by which criminals disguise their motives to avoid detection by electronic anti-phishing countermeasures and to avoid the suspicion of the potential victims who receive of those messages. Credential phishing tactics include disguising a message as an alert of a message waiting, a warning of a tech upgrade, or a password expiration notification. Techniques include impersonation, fatigue, bafflement, and urgency. Analysis of the pragmatic strategies employed by cybercriminals, and the expressed motives in phishing messages, can improve detection methods to prevent tens of millions in cybercrime losses annually, and can enhance the online safety of email users. Avenues for further research are suggested, as are ways to adapt in response to a changing cybercrime landscape.

April 15, 2024 - Posted by schrisomalis | abstract