Generating Phishing Emails Using Graph Database

  • Nasim MalekiEmail author
  • Ali A. Ghorbani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11879)


We need Phishing Awareness Tools to train employees because existing anti-phishing filters are not 100% capable of detecting phishing attacks, especially zero-day attacks. Current awareness tools can make phishing campaigns targeting the employees, but they contain an only limited number of predefined email templates. In this work, we designed a framework and built a tool generating new phishing emails automatically from a graph database perspective. Then, we conducted a three-round experiment. We sent the automatically-generated emails to some uninformed members of our community. On average, 72.85% of victims opened the emails, the click-through rate was 54.05% among who opened the emails, and all recipients who completed the survey stated that the content of emails was meaningful. In this experiment, we also showed which parts of the email are more luring and what the result might be if emails are carefully-crafted or from a person of authority.


Phishing email Phishing Awareness Tool Generating phishing email 



The authors generously acknowledge the funding from the Atlantic Canada Opportunity Agency (ACOA) through the Atlantic Innovation Fund (AIF) and through grant from the National Science and Engineering Research Council of Canada (NSERC) to Dr. Ghorbani.


  1. 1.
    apwg: Apwg report. Accessed 01 April 2019
  2. 2.
    APWG: Apwg report q4 (2017). Accessed 01 April 2019
  3. 3.
  4. 4.
    Dodge Jr., R.C., Carver, C., Ferguson, A.J.: Phishing for user security awareness. Comput. Secur. 26(1), 73–80 (2007)CrossRefGoogle Scholar
  5. 5.
    Downs, J.S., Holbrook, M.B., Cranor, L.F.: Decision strategies and susceptibility to phishing. In: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 79–90. ACM (2006)Google Scholar
  6. 6.
    Ferreira, A., Teles, S.: Persuasion: how phishing emails can influence users and bypass security measures. Int. J. Hum Comput Stud. 125, 19–31 (2019)CrossRefGoogle Scholar
  7. 7.
    Gophish: Gophish. Accessed 01 April 2019
  8. 8.
    kingphisher: Knuth: computers and typesetting. Accessed 01 April 2019
  9. 9.
    LUCY: Lucy. Accessed 01 April 2019
  10. 10.
    neo4j: Why graph databases? Accessed 01 April 2019
  11. 11.
    Palka, S., McCoy, D.: Dynamic phishing content using generative grammars. In: 2015 IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW), pp. 1–8. IEEE (2015)Google Scholar
  12. 12.
    Palka, S., McCoy, D.: Fuzzing e-mail filters with generative grammars and n-gram analysis. In: WOOT (2015)Google Scholar
  13. 13.
    phishingfrenzy: phishingfrenzy. Accessed 01 April 2019
  14. 14.
    RFC: Rfc1036. Accessed 01 April 2019
  15. 15.
    RFC: Rfc822. Accessed 01 April 2019
  16. 16.
    SecurityIQ: Securityiq phishsim. Accessed 01 April 2019
  17. 17.
    (SET), S.E.T.: Social-engineer toolkit (set). Accessed 01 April 2019
  18. 18.
    SPF: Speedphish framework (spf). Accessed 01 April 2019
  19. 19.
    Vicknair, C., Macias, M., Zhao, Z., Nan, X., Chen, Y., Wilkins, D.: A comparison of a graph database and a relational database: a data provenance perspective. In: Proceedings of the 48th Annual Southeast Regional Conference, p. 42. ACM (2010)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Canadian Institute for Cybersecurity, Faculty of Computer ScienceUniversity of New BrunswickFrederictonCanada

Personalised recommendations