Phishing email detection is key in order to prevent cyber-attacks through which fraudsters entice users to send money and sensitive information, or to install malware on their computer, by sending them fraudulent emails or messages. Because phishing attacks have grown more prevalent, developers have worked hard to create more sophisticated detection tools in order to protect potential victims.

What is the phishing email detection tool?

A technique created by researchers at Monash University and CSIRO’s Data61 in Australia may assist users to avoid installing malware or sending valuable data to cyber-criminals. This phishing email detection method was originally published on arXiv and will be presented at a cyber-security conference called AsiaCCS 2022.

One of the researchers, Tingmin (Tina) Wu told: “We have identified a gap in current phishing research, namely realizing that existing literature focuses on rigorous ‘black and white’ methods to classify whether something is a phishing email or not.”

Researchers have attempted to build a phishing email detection model that can automatically scan emails in people’s inboxes and identify phishing emails. Most of these approaches, on the other hand, were found to just detect a small number of patterns, leaving many harmful emails undetected.

“In contrast with other ‘black and white’ methods, we hand the power to decide whether something is suspicious over to the users, by equipping them with easily understandable machine results and conversions,” Wu said. “The reasoning behind this is that recent phishing attacks might not have obvious malicious patterns but instead can leverage human psychology to persuade users to hand over their personal information,” she added.

Researchers were seeking a solution when they noticed that automated phishing email detection methods didn’t deliver good results. Researchers began focusing on the development of detection support tools, such as security warnings, which allow users to make the last decision about whether to delete emails or not. These alerts, however, were also found ineffective since they might be too technical for basic users.

Researchers created phishing detection alternatives for non-expert users

For this purpose, the researchers established out to create an alternative tool for non-expert email users to identify which messages are safe and which are hazardous. The summary they created was intended to be more “digestible,” highlighting emotional triggers, the major content of the text, and the outcome of an intent analysis.

“Our system summarizes phishing emails from three different angles to users to make informed decisions,” Wu explained. “Firstly, we summarize the emails using a variety of machine learning models to create an accurate, short summary so that users can quickly be aware of the most important content in the email,” she added.

The phishing email detection tool developed by Wu and her colleagues watches for the possible goal of phishing emails after it creates a digestible summary of email content, in order to help users make more informed decisions about what to do with the message. It displays them if an unknown contact’s email asks them to click on a link, for example. Finally, the approach developed by researchers seeks to identify emotional triggers as well.

“We derive a model to extract the cognitive triggers based on the language used in the emails. One example of a psychological weakness used by attackers is that users might tend to obey the request when it comes to punishment if not complying with it. The information from these three branches is merged to support users to make the final decision,” Wu explained.

Rather than merely detecting and filtering potentially harmful emails, the method developed by Wu and her colleagues simulates a summary of emails that users may then use to determine what to do with various messages in their inbox. Non-experts can learn to recognize typical patterns in phishing by themselves if they use the tool on a regular basis.

The researchers’ model integrates a variety of cutting-edge phishing email detection techniques into a single, succinct “informational package.” In contrast to previous proposals, it offers consumers chances instead of “hard truths,” preventing mistakes that might result in critical communications being lost.

“Our system is designed to address the challenges of improving the readability and effectiveness of generated information on phishing emails. While most of the current warnings are generated based on the URL, our method focuses on generating useful information around the intention of the emails. That is, to help users identify the phishing attempts by better leveraging their contextual knowledge and aim at the latest trending tactics, e.g., using phishing emails that can easily bypass URL-based detection,” Wu said.

The recent research conducted by this team of researchers offers a new approach for reducing the impact of phishing attacks that do not rely on error-prone automatic systems or pop-up windows that users usually overlook. The group has so far produced a proof-of-concept version of their program, but they now intend to expand it further.

“We now plan to continue improving our system. We will keep collecting the new datasets and make sure the model can extract the useful contents from the emails no matter how the attacking tactic evolves. We will also conduct a large-scale user study to ensure the system is user-friendly and effective,” Wu explained.

In the future, Wu and her colleagues’ phishing email detection tool might open up new possibilities for fighting cyber-attacks. It could also help email providers train basic users to identify these malevolent communications on their own, lowering their impact.

“Human-centric systems are the first step toward leveraging the complementary intelligence of humans and machines. Some future studies are still needed, e.g., to investigate the impact of the human factors on the final decision, to understand users’ habituation in long-time interacting with the warnings and implementing the system in a broad area in cyber-security, not only phishing,” Wu said.