Content analysis of persuasion principles in mobile instant message phishing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book

1 Citation (Scopus)

Abstract

The popularity of Mobile Instant Messaging (MIM) Applications (apps) presents cybercriminals with a new venue for sending deceptive messages, known as 'Phishing'. MIM apps often lack technical safeguards to shield users from these messages. The first step towards developing anti-phishing solutions to identify phishing messages in any attack vector is understanding the nature of the attacks. However, such understanding is lacking for MIM-enabled phishing. This study provides insights into how phishers apply persuasion principles in MIM phishing. Using the deductive content analysis method and Cialdini's six principles of persuasion, this study identified and analysed 67 examples of real-world MIM phishing attacks from various online sources. Each phishing example was coded to identify the persuasion techniques used and how they were applied. Findings revealed that the principles of social proof, liking, and authority were most widely used in MIM phishing, followed by scarcity and reciprocity. Furthermore, the majority of the phishing examples contained three persuasion principles, most often a combination of authority, liking, and social proof. These findings provide insights into how phishers execute phishing in MIM apps and provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps and the development of anti-phishing solutions to identify phishing in MIM.
Original language: English
Title of host publication: Human Aspects of Information Security & Assurance
Subtitle of host publication: 17th International Symposium on Human Aspects of Information Security & Assurance
Editors: Steven Furnell, Nathan Clarke
Place of Publication: Cham, Switzerland
Publisher: Springer
Pages: 324-336
Number of pages: 13
ISBN (Electronic): 9783031385308
ISBN (Print): 9783031385292
Publication status: Published - 26 Jul 2023
Event: 17th International Symposium on Human Aspects of Information Security & Assurance - Kent, United Kingdom
Duration: 4 Jul 2023 to 6 Jul 2023

Publication series

Name: IFIP Advances in Information and Communication Technology
Publisher: Springer
Volume: 674
ISSN (Print): 1868-4238
ISSN (Electronic): 1868-422X

Conference

Conference: 17th International Symposium on Human Aspects of Information Security & Assurance
Abbreviated title: 17th IFIP WG 2023
Country/Territory: United Kingdom
City: Kent
Period: 4/07/23 to 6/07/23

Keywords

  • mobile instant messaging
  • phishing
  • persuasion
