Revealing the Hidden Effects of Phishing Emails: An Analysis of Eye and Mouse Movements in Email Sorting Tasks
Yasmeen Abdrabou, Felix Dietz, Ahmed Shams, Pascal Knierim, Yomna Abdelrahman, Ken Pfeuffer, Mariam Hassib, Florian Alt

TL;DR
This study analyzes eye and mouse movements during email sorting to uncover subtle behavioral differences caused by phishing emails, aiming to improve detection and user protection mechanisms.
Contribution
It introduces an online study capturing gaze and mouse data to identify behavioral cues associated with phishing email recognition.
Findings
Phishing emails cause significant behavioral differences in gaze and mouse movements.
Behavioral responses vary depending on the type of phishing email.
Insights can inform the development of automated phishing detection tools.
Abstract
Users are the last line of defense as phishing emails pass filter mechanisms. At the same time, phishing emails are designed so that they are challenging to identify by users. To this end, attackers employ techniques, such as eliciting stress, targeting helpfulness, or exercising authority, due to which users often miss being manipulated out of malicious intent. This work builds on the assumption that manipulation techniques, even if going unnoticed by users, still lead to changes in their behavior. In this work, we present the outcomes of an online study in which we collected gaze and mouse movement data during an email sorting task. Our findings show that phishing emails lead to significant differences across behavioral features but depend on the nature of the email. We discuss how our findings can be leveraged to build security mechanisms protecting users and companies from phishing.
Taxonomy
Topics: Spam and Phishing Detection · Misinformation and Its Impacts · Personal Information Management and User Behavior
