TY - GEN
T1 - Content analysis of persuasion principles in mobile instant message phishing
AU - Ahmad, Rufai
AU - Terzis, Sotirios
AU - Renaud, Karen
PY - 2023/7/26
Y1 - 2023/7/26
N2 - The popularity of Mobile Instant Messaging (MIM) Applications (apps) presents cybercriminals with a new venue for sending deceptive messages, known as 'Phishing'. MIM apps often lack technical safeguards to shield users from these messages. The first step towards developing anti-phishing solutions to identify phishing messages in any attack vector is understanding the nature of the attacks. However, such understanding is lacking for MIM-enabled phishing. This study provides insights into how phishers apply persuasion principles in MIM phishing. Using the deductive content analysis method and Cialdini's six principles of persuasion, this study identified and analysed 67 examples of real-world MIM phishing attacks from various online sources. Each phishing example was coded to identify the persuasion techniques used and how they were applied. Findings revealed that the principles of social proof, liking, and authority were most widely used in MIM phishing, followed by scarcity and reciprocity. Furthermore, the majority of the phishing examples contained three persuasion principles, most often a combination of authority, liking, and social proof. These findings provide insights into how phishers execute phishing in MIM apps and provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps and the development of anti-phishing solutions to identify phishing in MIM.
AB - The popularity of Mobile Instant Messaging (MIM) Applications (apps) presents cybercriminals with a new venue for sending deceptive messages, known as 'Phishing'. MIM apps often lack technical safeguards to shield users from these messages. The first step towards developing anti-phishing solutions to identify phishing messages in any attack vector is understanding the nature of the attacks. However, such understanding is lacking for MIM-enabled phishing. This study provides insights into how phishers apply persuasion principles in MIM phishing. Using the deductive content analysis method and Cialdini's six principles of persuasion, this study identified and analysed 67 examples of real-world MIM phishing attacks from various online sources. Each phishing example was coded to identify the persuasion techniques used and how they were applied. Findings revealed that the principles of social proof, liking, and authority were most widely used in MIM phishing, followed by scarcity and reciprocity. Furthermore, the majority of the phishing examples contained three persuasion principles, most often a combination of authority, liking, and social proof. These findings provide insights into how phishers execute phishing in MIM apps and provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps and the development of anti-phishing solutions to identify phishing in MIM.
KW - mobile instant messaging
KW - phishing
KW - persuasion
UR - https://link.springer.com/book/9783031385292
U2 - 10.1007/978-3-031-38530-8_26
DO - 10.1007/978-3-031-38530-8_26
M3 - Conference contribution book
SN - 9783031385292
T3 - IFIP Advances in Information and Communication Technology
SP - 324
EP - 336
BT - Human Aspects of Information Security & Assurance
A2 - Furnell, Steven
A2 - Clarke, Nathan
PB - Springer
CY - Cham, Switzerland
T2 - 17th International Symposium on Human Aspects of Information Security & Assurance
Y2 - 4 July 2023 through 6 July 2023
ER -