Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Characterizing the Evolution of Psychological Tactics and Techniques Exploited by Malicious Emails

Theodore Longtchi, Shouhuai Xu

TL;DR

Addresses the evolving landscape of malicious emails by formalizing psychological constructs (PTacs, PTechs, PFs) and presenting a methodology to characterize their evolution. Applies the method to a real-world dataset of 1,260 malicious emails from 2004–2024, revealing how PTacs and PTechs are exploited and how major events shift patterns. Finds that certain PTacs (e.g., Fit & Form) and PTechs (e.g., Attention Grabbing, Impersonation) dominate, with significant PTac–PTech correlations and PF exploitation mediated through PTech usage, while explicit PF mentions are rare. The work informs psychologically grounded defense design and suggests extending the approach to other attack vectors and larger datasets.

Abstract

The landscape of malicious emails and cyber social engineering attacks in general are constantly evolving. In order to design effective defenses against these attacks, we must deeply understand the Psychological Tactics, PTacs, and Psychological Techniques, PTechs, that are exploited by these attacks. In this paper we present a methodology for characterizing the evolution of PTacs and PTechs exploited by malicious emails. As a case study, we apply the methodology to a real-world dataset. This leads to a number insights, such as which PTacs or PTechs are more often exploited than others. These insights shed light on directions for future research towards designing psychologically-principled solutions to effectively counter malicious emails.

Characterizing the Evolution of Psychological Tactics and Techniques Exploited by Malicious Emails

TL;DR

Addresses the evolving landscape of malicious emails by formalizing psychological constructs (PTacs, PTechs, PFs) and presenting a methodology to characterize their evolution. Applies the method to a real-world dataset of 1,260 malicious emails from 2004–2024, revealing how PTacs and PTechs are exploited and how major events shift patterns. Finds that certain PTacs (e.g., Fit & Form) and PTechs (e.g., Attention Grabbing, Impersonation) dominate, with significant PTac–PTech correlations and PF exploitation mediated through PTech usage, while explicit PF mentions are rare. The work informs psychologically grounded defense design and suggests extending the approach to other attack vectors and larger datasets.

Abstract

The landscape of malicious emails and cyber social engineering attacks in general are constantly evolving. In order to design effective defenses against these attacks, we must deeply understand the Psychological Tactics, PTacs, and Psychological Techniques, PTechs, that are exploited by these attacks. In this paper we present a methodology for characterizing the evolution of PTacs and PTechs exploited by malicious emails. As a case study, we apply the methodology to a real-world dataset. This leads to a number insights, such as which PTacs or PTechs are more often exploited than others. These insights shed light on directions for future research towards designing psychologically-principled solutions to effectively counter malicious emails.
Paper Structure (14 sections, 6 figures, 1 table)

This paper contains 14 sections, 6 figures, 1 table.

Table of Contents

  1. Introduction
  2. Reviewing and Refining PTacs and PTechs
  3. Reviewing the Concept of PTac
  4. Reviewing and Refining the Concept of PTech
  5. Methodology
  6. Preparing Dataset
  7. Identifying PTacs and PTechs Exploited by Malicious Emails
  8. Analysis
  9. Case Study
  10. Preparing Dataset
  11. Identifying PTacs and PTechs from the 1,260 Malicious Emails
  12. Analysis
  13. Limitations
  14. Conclusion

Figures (6)

  • Figure 1: A real-world phishing email showing which PTacs, PTechs, and PFs are exploited, where the exploited Familiarity PTac, Personalization and Persuasion PTechs, and authority PF are highlighted. The email receives a score 0 with respect to the Fit & Form PTac because the email has a mistake, which is the repeated Signature (i.e., an email from the McCarthy staffing company will not have this mistake, highlighted with the red flag).
  • Figure 2: Evolution of exploited PTacs and PTechs in malicious emails from 2004 to 2024
  • Figure 3: Evolution of the exploitation of individual PTacs
  • Figure 4: Evolution of the exploitation of individual PTechs
  • Figure 5: Correlations in color coding: positive correction increases from white to a depth of blue, and negative correction (absolute value) increase from white to a depth of red.
  • ...and 1 more figures

Theorems & Definitions (2)

  • definition 1: PTac montanez2023quantifyingmontanez2022csekc
  • definition 2: PTech PF-papermontanez2023quantifyingmontanez2022csekc