Articles by the cybersecurity community

Excerpt from the book Unmasking the Hacker: phishing

It is Sunday 24 November 2019 as I write this. I am working on the draft of my book and hope to have it in a good state to do edits and rewrites in December to have it published by January 2020!

Updates of my book project are available from this page >> Book Updates << and once I have published it, this page will also have updates of new book projects and any giveaways associated with them.

Below is an excerpt of one of the chapters of my book "Unmasking the Hacker, Demystifying Cybercrime"; this one is on phishing.


The term phishing dates back to 1996 and the AOHell scammers. It is a type of technology-based scam in which emails are made to appear as if sent from legitimate companies or familiar people in order to trick the recipients. There is nothing mystical about why phishing is successful, and neither are the perpetrators of this type of cybercrime shadowy figures in hoodies. Phishing emails exploit human psychology, using social engineering techniques, to trick the recipient into handing over their account credentials or paying spoofed invoices. The common wording of phishing emails, for example, is designed to make the recipient act fast without thinking their actions through: a call to immediate action, a spoofed but believable sender, and an appeal to do the right thing. Phishing emails often convey a sense of urgency[i], which encourages recipients to make panicked, hurried decisions rather than taking the time to consider whether or not the message is legitimate.

Successful phishing emails rely on being believable, on playing to emotions, and on the recipient's false sense of security. Whether these scam emails are baiting for credentials, money or intellectual property, they spoof trusted brands or people and relate to everyday topics such as invoices, fixing login issues or post deliveries. They play to emotions with subject lines designed to scare the recipient or create a sense of urgency, or by cajoling or encouraging the recipient to do the right thing, for example by clicking a link to fix a payment. Phishing emails also succeed because end users may have a false sense of security, believing that spam filters will block all malicious emails, or an overconfidence in their own ability to spot scams. Criminals send, or use bots to send, phishing emails in bulk, knowing that with so many sent, some will succeed somewhere.
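The traits described above (a spoofed trusted brand in the display name, urgency in the subject line, a link whose visible text does not match where it really points, replies steered to a different address) are exactly the cues a defender's triage tool can check for. The following Python script is an added example, not code from the book or its author; it parses an email with the standard library and reports those cues. The brand list, urgency phrases and the two sample messages are constructed for illustration, and the "registrable domain" helper is a naive two-label approximation rather than a public-suffix lookup.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lists for this example: the brands a typical user would trust and
# the domain each brand legitimately sends from, plus subject-line urgency cues.
KNOWN_BRANDS = {"paypal": "paypal.com", "dhl": "dhl.com", "microsoft": "microsoft.com"}
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "action required",
                 "final notice", "account suspended")
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def triage(raw_message):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()

    # 1. Display name claims a known brand, but the sending domain is not that brand's.
    for brand, brand_domain in KNOWN_BRANDS.items():
        if brand in display.lower() and not sender_domain.endswith(brand_domain):
            findings.append(f"display name claims {brand} but sender domain is {sender_domain}")

    # 2. Urgency language in the subject line.
    subject = (msg.get("Subject") or "").lower()
    hits = [t for t in URGENCY_TERMS if t in subject]
    if hits:
        findings.append("urgency cues in subject: " + ", ".join(hits))

    # 3. Reply-To steers responses to a different domain than the sender.
    _, reply_addr = parseaddr(msg.get("Reply-To") or "")
    if reply_addr:
        reply_domain = reply_addr.rsplit("@", 1)[-1].lower()
        if registrable(reply_domain) != registrable(sender_domain):
            findings.append(f"Reply-To domain {reply_domain} differs from sender domain")

    # 4. Link text shows one host while the href points somewhere else.
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for href, text in parser.links:
            real_host = urlparse(href).hostname or ""
            shown = HOST_RE.search(text)
            if real_host and shown and registrable(shown.group(0)) != registrable(real_host):
                findings.append(f"link text shows {shown.group(0)} but points to {real_host}")

    return findings


# Constructed sample messages (not real mail).
PHISH_SAMPLE = """\
From: "PayPal Support" <service@pay-pal-verify.example>
Reply-To: collect@other.example
To: user@example.org
Subject: URGENT: Your account will be suspended within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body><p>Please visit <a href="http://pay-pal-verify.example/login">www.paypal.com</a> to restore access.</p></body></html>
"""

LEGIT_SAMPLE = """\
From: "Jane Doe" <jane@example.org>
To: user@example.org
Subject: Lunch on Thursday?
Content-Type: text/plain; charset="utf-8"

Are you free for lunch on Thursday? Jane
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, triage(sample) or ["no findings"])
```

Each finding corresponds to one of the social-engineering levers the chapter describes, which makes the output useful for user awareness as well as for triage: the tool does not decide that a message is malicious, it explains which believability tricks are present so that an analyst, or the recipient, can check them rather than rely on the spam filter alone.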



[i] Ferreira, A., & Lenzini, G. (2015, July). An analysis of social engineering principles in effective phishing. In 2015 Workshop on Socio-Technical Aspects in Security and Trust (pp. 9-16). IEEE.