Participants were challenged to pick out the real emails from a set in which several fake emails had been planted. The planted messages mimicked real language patterns, but included fake names, repetitive sentences, bad spelling and grammar, and incoherent flow. It turns out that participants couldn’t detect the real emails with any degree of confidence — they had a 52 percent overall accuracy rate. Rakesh Verma is a computer science professor at UH.
“The phishing emails, they are very cleverly designed to escape through these filters, right? Because they are trying to mimic an email coming from your bank, or an email coming from your credit card company, or something like that.”
Hackers often pretend to be authorized users of a system by replicating the writing styles of the compromised account. Verma says hovering over a link with your mouse can show the true source of an email. Scammers often try to post links that redirect you to a fake site, but that can’t happen unless you click.
“If the email looks suspicious, never touch the attachment. Never download it, because once you download it, you’re basically, you know, giving access to your computer to some malware or ransomware.”
Findings were presented at the ACM Asia Conference on Computer and Communications Security.