-
Quantifying Psychological Sophistication of Malicious Emails
Authors:
Theodore Longtchi,
Rosana MontaƱez Rodriguez,
Kora Gwartney,
Ekzhin Ear,
David P. Azari,
Christopher P. Kelley,
Shouhuai Xu
Abstract:
Malicious emails including Phishing, Spam, and Scam are one significant class of cyber social engineering attacks. Despite numerous defenses to counter them, the problem remains largely open. The ineffectiveness of current defenses can be attributed to our superficial understanding of the psychological properties that make these attacks successful. This problem motivates us to investigate the psyc…
▽ More
Malicious emails including Phishing, Spam, and Scam are one significant class of cyber social engineering attacks. Despite numerous defenses to counter them, the problem remains largely open. The ineffectiveness of current defenses can be attributed to our superficial understanding of the psychological properties that make these attacks successful. This problem motivates us to investigate the psychological sophistication, or sophistication for short, of malicious emails. We propose an innovative framework that accommodates two important and complementary aspects of sophistication, dubbed Psychological Techniques, PTechs, and Psychological Tactics, PTacs. We propose metrics and grading rules for human experts to assess the sophistication of malicious emails via the lens of these PTechs and PTacs. To demonstrate the usefulness of the framework, we conduct a case study based on 1,036 malicious emails assessed by four independent graders. Our results show that malicious emails are psychologically sophisticated, while exhibiting both commonalities and different patterns in terms of their PTechs and PTacs. Results also show that previous studies might have focused on dealing with the less proliferated PTechs such as Persuasion and PTacs such as Reward, rather than the most proliferated PTechs such as Attention Grabbing and Impersonation, and PTacs such as Fit and Form and Familiarity that are identified in this study. We also found among others that social events are widely exploited by attackers in contextualizing their malicious emails. These findings could be leveraged to guide the design of effective defenses against malicious emails.
△ Less
Submitted 22 August, 2024;
originally announced August 2024.
-
Characterizing the Evolution of Psychological Tactics and Techniques Exploited by Malicious Emails
Authors:
Theodore Longtchi,
Shouhuai Xu
Abstract:
The landscape of malicious emails and cyber social engineering attacks in general are constantly evolving. In order to design effective defenses against these attacks, we must deeply understand the Psychological Tactics, PTacs, and Psychological Techniques, PTechs, that are exploited by these attacks. In this paper we present a methodology for characterizing the evolution of PTacs and PTechs explo…
▽ More
The landscape of malicious emails and cyber social engineering attacks in general are constantly evolving. In order to design effective defenses against these attacks, we must deeply understand the Psychological Tactics, PTacs, and Psychological Techniques, PTechs, that are exploited by these attacks. In this paper we present a methodology for characterizing the evolution of PTacs and PTechs exploited by malicious emails. As a case study, we apply the methodology to a real-world dataset. This leads to a number insights, such as which PTacs or PTechs are more often exploited than others. These insights shed light on directions for future research towards designing psychologically-principled solutions to effectively counter malicious emails.
△ Less
Submitted 21 August, 2024;
originally announced August 2024.
-
Characterizing the Evolution of Psychological Factors Exploited by Malicious Emails
Authors:
Theodore Longtchi,
Shouhuai Xu
Abstract:
Cyber attacks, including cyber social engineering attacks, such as malicious emails, are always evolving with time. Thus, it is important to understand their evolution. In this paper we characterize the evolution of malicious emails through the lens of Psychological Factors, PFs, which are humans psychological attributes that can be exploited by malicious emails. That is, attackers who send them.…
▽ More
Cyber attacks, including cyber social engineering attacks, such as malicious emails, are always evolving with time. Thus, it is important to understand their evolution. In this paper we characterize the evolution of malicious emails through the lens of Psychological Factors, PFs, which are humans psychological attributes that can be exploited by malicious emails. That is, attackers who send them. For this purpose, we propose a methodology and apply it to conduct a case study on 1,260 malicious emails over a span of 21 years, 2004 to 2024. Our findings include attackers have been constantly seeking to exploit many PFs, especially the ones that reflect human traits. Attackers have been increasingly exploiting 9 PFs and mostly in an implicit or stealthy fashion. Some PFs are often exploited together. These insights shed light on how to design future defenses against malicious emails.
△ Less
Submitted 21 August, 2024;
originally announced August 2024.
-
Internet-based Social Engineering Attacks, Defenses and Psychology: A Survey
Authors:
Theodore Longtchi,
Rosana MontaƱez Rodriguez,
Laith Al-Shawaf,
Adham Atyabi,
Shouhuai Xu
Abstract:
Social engineering attacks are a major cyber threat because they often serve as a first step for an attacker to break into an otherwise well-defended network, steal victims' credentials, and cause financial losses. The problem has received due amount of attention with many publications proposing defenses against them. Despite this, the situation has not improved. In this paper, we aim to understan…
▽ More
Social engineering attacks are a major cyber threat because they often serve as a first step for an attacker to break into an otherwise well-defended network, steal victims' credentials, and cause financial losses. The problem has received due amount of attention with many publications proposing defenses against them. Despite this, the situation has not improved. In this paper, we aim to understand and explain this phenomenon by looking into the root cause of the problem. To this end, we examine the literature on attacks and defenses through a unique lens we propose -- {\em psychological factors (PFs) and techniques (PTs)}. We find that there is a big discrepancy between attacks and defenses: Attacks have deliberately exploited PFs by leveraging PTs, but defenses rarely take either of these into consideration, preferring technical solutions. This explains why existing defenses have achieved limited success. This prompts us to propose a roadmap for a more systematic approach towards designing effective defenses against social engineering attacks.
△ Less
Submitted 1 August, 2022; v1 submitted 15 March, 2022;
originally announced March 2022.
