Skip to main content

An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited

  • Conference paper
  • First Online:
Advances in Human Factors in Cybersecurity (AHFE 2020)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1219))

Included in the following conference series:


Humans continue to be considered as the weakest link in securing systems. While there are a variety of sophisticated system attacks, phishing emails continues to be successful in gaining users attention and leading to disastrous security consequences. In designing strategies to protect users from fraudulent phishing emails, system designers need to know which attack approaches and type of content seems to exploit human limitations and vulnerabilities. In this study, we are focusing on the attackers’ footprints (emails) and examining the phishing email content and characteristics utilizing publicly available phishing attack repository databases. We analyzed several variables to gain a better understanding of the techniques and language used in these emails to capture users’ attention. Our findings reveal that the words primarily used in these emails are targeting users’ emotional tendencies and triggers to apply their attacks. In addition, attackers employ user-targeted words and subjects that exploits certain emotional triggers such as fear and anticipation. We believe our human centered study and findings is a critical step forward towards improving detection and training programs to decrease phishing attacks and to promote the inclusion of human factors in securing systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 119.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 159.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions


  1. Krombholz, K., Hobel, H., Huber, M., Weippl, E.: Advanced social engineering at tacks. J. Inf. Secur. Appl. 22, 113–122 (2015)

    Google Scholar 

  2. Ramzan, Z.: Phishing attacks and countermeasures. In: Handbook of Information and Communication Security, pp. 433–448. Springer, Heidelberg (2010)

    Google Scholar 

  3. Van der Merwe, A., Loock, M., Dabrowski, M.: Characteristics and responsibilities involved in a phishing attack. In: Proceedings of the 4th International Symposium on Information and Communication Technologies, pp. 249–254). Trinity College Dublin (January 2005)

    Google Scholar 

  4. Rekouche, K.: Early phishing. arXiv preprint arXiv:1106.4692 (2011)

  5. Abawajy, J.: User preference of cyber security awareness delivery methods. Behav. Inf. Technol. 33(3), 237–248 (2014)

    Article  MathSciNet  Google Scholar 

  6. Shackleford, D.: Cyber threat intelligence uses, successes and failures: the sans 2017 cti survey. SANS, Tech. rep. (2017)

    Google Scholar 

  7. Ludl, C., McAllister, S., Kirda, E., Kruegel, C.: On the effectiveness of techniques to detect phishing sites. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 20–39. Springer, Heidelberg (July 2007)

    Google Scholar 

  8. Dong, Z., Kapadia, A., Blythe, J., Camp, L.J.: Beyond the lock icon: real-time detection of phishing websites using public key certificates. In: 2015 APWG Symposium on Electronic Crime Research (eCrime), pp. 1–12. IEEE (May 2015)

    Google Scholar 

  9. Sharma, T., Bambenek, J. C., Bashir, M.: Preserving privacy in cyber-physical social systems: an anonymity and access control approach (2020)

    Google Scholar 

  10. Rahman, S., Sharma, T., Reza, S.M., Rahman, M.M., Kaiser, M.S.: PSO-NF based vertical handoff decision for ubiquitous heterogeneous wireless network (UHWN). In: 2016 International Workshop on Computational Intelligence (IWCI), pp. 153–158. IEEE (December 2016)

    Google Scholar 

  11. Dong, Zhang, Y., Egelman, S., Cranor, L., Hong, J.: Phinding phish: evaluating anti-phishing tools (2007)

    Google Scholar 

  12. Xiang, G., Hong, J., Rose, C.P., Cranor, L.: Cantina+: A feature-rich machine learning framework for detecting phishing web sites. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(2), 21 (2011)

    Article  Google Scholar 

  13. Mohammad, R.M., Thabtah, F., McCluskey, L.: Predicting phishing websites based on self-structuring neural network. Neural Comput. Appl. 25(2), 443–458 (2014)

    Article  Google Scholar 

  14. Abbasi, A., Zahedi, F.M., Zeng, D., Chen, Y., Chen, H., Nunamaker Jr., J.F.: Enhancing predictive analytics for anti-phishing by exploiting website genre information. J. Manag. Inf. Syst. 31(4), 109–157 (2015)

    Article  Google Scholar 

  15. Sharma, T., Bashir, M.: Privacy apps for smartphones: an assessment of users’ preferences and limitations. In: 22nd International Conference on Human-Computer Interaction (2020)

    Google Scholar 

  16. Whittaker, C., Ryner, B., Nazif, M.: Large-scale automatic classification of phishing (2010)

    Google Scholar 

  17. Cambria, E.: Affective computing and sentiment analysis. IEEE Intell. Syst. 31(2), 102–107 (2016)

    Article  Google Scholar 

  18. Taboada, M., Brooke, J., Tofiloski, M., Voll, K., Stede, M.: Lexicon-based methods for sentiment analysis. Comput. Linguist. 37(2), 267–307 (2011)

    Article  Google Scholar 

  19. Seyeditabari, A., Zadrozny, W.: Can word embeddings help find latent emotions in text? Preliminary results. In: The Thirtieth International Flairs Conference (May 2017)

    Google Scholar 

  20. Shovon, A.R., Roy, S., Sharma, T., Whaiduzzaman, M.: A restful e-governance application framework for people identity verification in cloud. In: International Conference on Cloud Computing, pp. 281–294. Springer, Cham (June 2018)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Masooda Bashir .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Sharma, T., Bashir, M. (2020). An Analysis of Phishing Emails and How the Human Vulnerabilities are Exploited. In: Corradini, I., Nardelli, E., Ahram, T. (eds) Advances in Human Factors in Cybersecurity. AHFE 2020. Advances in Intelligent Systems and Computing, vol 1219. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-52580-4

  • Online ISBN: 978-3-030-52581-1

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics