Email-based phishing is still a widespread problem, that affects many users worldwide. Although many aspects of phishing have been extensively studied in the past, they mainly focus on the execution and prevention of different types of phishing and do not consider the process how attackers collect the contact information of potential victims. In this paper, we analyze the collection process of email addresses in more detail. Based on the results of this analysis, we propose email address separation as a way for users to detect phishing emails, and reason about its effectiveness against several typical types of phishing attacks. We find, that email address separation has the potential to greatly reduce the perceived authenticity of general phishing emails, that target a large amount of users, e.g., by impersonating a popular service and spreading malware or links to phishing websites. It is, however, not likely to prevent more sophisticated phishing attacks, that do not depend on the impersonation of a previously known organization or entity. Our results motivate further studies to analyze the usability and applicability of the proposed method, and to determine, whether address separation has additional positive effects on users’ phishing awareness or automated phishing detection.
展开▼
