Characterizing the Evolution of Psychological Factors Exploited by Malicious Emails

TL;DR

This study analyzes 21 years of malicious emails to understand how attackers exploit psychological factors, revealing increasing and stealthy exploitation of human traits to improve future defenses.

Contribution

It introduces a methodology to characterize the evolution of psychological factor exploitation in malicious emails through a comprehensive case study.

Findings

Attackers exploit multiple psychological factors increasingly over time.

Most exploitation occurs in an implicit or stealthy manner.

Certain psychological factors are often exploited together.

Abstract

Cyber attacks, including cyber social engineering attacks, such as malicious emails, are always evolving with time. Thus, it is important to understand their evolution. In this paper we characterize the evolution of malicious emails through the lens of Psychological Factors, PFs, which are humans psychological attributes that can be exploited by malicious emails. That is, attackers who send them. For this purpose, we propose a methodology and apply it to conduct a case study on 1,260 malicious emails over a span of 21 years, 2004 to 2024. Our findings include attackers have been constantly seeking to exploit many PFs, especially the ones that reflect human traits. Attackers have been increasingly exploiting 9 PFs and mostly in an implicit or stealthy fashion. Some PFs are often exploited together. These insights shed light on how to design future defenses against malicious emails.