查看文章

Fraudsters are constantly adapting their phishing scam designs by increasing the sophistication of urgency and trust cues used to deceive users. Drawing from the social engineering and social psychology literature, this paper uses deductive thematic analysis to examine how phishing scam designs employ urgency and trust cues. The complete anatomy of a sample of 51 distinctive email scams were analysed including the: from, to, date, subject, content, links and attachment components, using a major South African bank’s archived records of phishing attacks from 2011-2013. The analysis suggests that urgency cues were almost always present to prime cognitive biases and lure users into compliance, while surprisingly important trust cues were less present. The study proposes that users can minimise their risk of being lured into compliance by assessing weaknesses in phishing designs attempting to mimic important trust cues. Technology based email text filtering countermeasures may be more effective if they apply the proposed critical trust and urgency attribute filtering detection approach.