
Table 1 Interaction-based phishing awareness training

From: “Alexa, What’s a Phishing Email?”: Training users to spot phishing emails using a voice assistant

User:

Hey Alexa, what’s a phishing email?

Alexa:

Phishing is an attempt by an attacker to solicit personal information from unsuspecting users. To entice users, the attackers usually employ one or multiple persuasion principles when crafting the email such as: authority, commitment, liking, reciprocation, scarcity, and social proof.

User:

Hey Alexa, tell me more about these principles.

Alexa:

The principle of authority states that people comply with requests made by figures of authority, such as doctors or politicians.

The commitment principle proposes that once a user has taken a stand, they feel pressured to behave consistently with that stance.

The liking principle states that people tend to comply with requests from people they like, for example friends or celebrities.

The reciprocation principle states that people tend to repay, in kind, what another person has provided them.

The scarcity principle states that the perceived value of an offer is increased when its availability is limited.

The social proof principle states that people act according to what other people are doing to avoid mistakes.

User:

Hey Alexa, tell me examples of phishing emails that incorporate these persuasion principles.

Alexa:

For example, an email urging a user to download a safety measures document about the COVID-19 pandemic employs the principle of authority, using the World Health Organization as the sender, and the principle of scarcity, using the lack of public knowledge about COVID-19.

Another example employing the liking/reciprocation principles is an email sent by Jay Z and Rihanna requesting to match their donation for the COVID-19 pandemic that also offers free tickets to a benefit concert as a reciprocation for clicking on the link included in the email.

An example of using social proof is an email requesting parents to click on a link and sign a petition to close all schools in the state of New York until a vaccine for COVID-19 is developed.

Similarly, the principle of commitment could be incorporated in an email that asks for the recipient to donate money for support of the healthcare workers in New York during the COVID-19 pandemic.