Abstract
The rate of phishing attacks is increasing over time. Although hackers design emails with cognitive biases so that their phishing attacks succeed, little is known about how effectively these biases fool people via phishing emails. Little is also known about how machine learning algorithms can predict the human tendency to get phished via phishing emails in the presence of human attributes. In this paper, the main objective is to investigate how the presence of two cognitive biases, authority bias (the tendency of humans to be influenced by emails sent by an authority) and hyperbolic discounting bias (the inclination of humans towards immediate rewards), influences human decision making in a phishing email detection simulation. In an experiment, 210 participants judged emails to be genuine or phishing. The next part of this research predicted the human responses to phishing emails captured in the experiment via machine learning models such as logistic regression (LR), multinomial Naive Bayes (MNB), decision tree (DT), and Random Forest (RF). The results from the study conducted on humans revealed that the authority bias was more effective than hyperbolic discounting in phishing humans. Furthermore, the LR classifier effectively predicted human responses in the presence of cognitive biases and human attributes, with training and test accuracy of around 90.77% and 82.70%, respectively. We discuss the implications of this work for real-world phishing attacks.
Acknowledgment
This research work was partially supported by a grant from Department Of Science & Technology (DST) titled “A game theoretic approach involving experimentation and computational modelling of hacker’s decision using deception in cyber security.” (ITM/DST-ICPS/VD/251) to Prof. Varun Dutt. We are also thankful to the Indian Institute of Technology Mandi and Carnegie Mellon University, Pittsburgh for providing the resources for this project.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Sharma, M., Kumar, M., Gonzalez, C., Dutt, V. (2023). How the Presence of Cognitive Biases in Phishing Emails Affects Human Decision-Making?. In: Tanveer, M., Agarwal, S., Ozawa, S., Ekbal, A., Jatowt, A. (eds) Neural Information Processing. ICONIP 2022. Communications in Computer and Information Science, vol 1792. Springer, Singapore. https://doi.org/10.1007/978-981-99-1642-9_47
DOI: https://doi.org/10.1007/978-981-99-1642-9_47
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-1641-2
Online ISBN: 978-981-99-1642-9
eBook Packages: Computer Science, Computer Science (R0)