Scamming Higher Ed: An Analysis of Phishing Content and Trends

Universities are frequent targets of cyberattacks. This investigation seeks to explore common phishing techniques targeting institutions of higher education. This study analyzes the content and message features of a sample of 2,300 emails from 2010 to 2023 collected from Cornell’s Phish Bowl, including topics, persuasive appeals, emotional appeals, and spelling errors. Using analyses of association and text mining, the work maps out changes in phishing trends over time. One major finding is that security-focused phish have been replaced by those attempting to reflect routine university life, such as job offer scams. Additionally, this study identifies authority and scarcity as common persuasive appeals in phishing attempts and demonstrates a decrease in spelling errors over time. These findings have practical implications for cybersecurity training and awareness. They may also guide future work seeking to determine user susceptibility to phishing by providing insight into frequent attacks.