Clustering

A novel framework designed to designed to extract contextual information from phishing emails. Our focus is on human-centric features, which are often overlooked in traditional approaches, as they are the features that users notice when evaluating a potentially suspicious email. By fine-tuning four transformer-based models, we accurately extract seven descriptive features from phishing email texts. Our findings indicate that language models provide a promising method for extracting contextual information from phishing emails.

There is a significant knowledge gap about the qualitative traits embedded in phishing emails, which could be useful in a range of phishing mitigation tasks. In this paper, we consider the structure of phishing emails to identify a novel set of descriptive features. We employ an iterative qualitative coding approach to identify features that are descriptive of the emails leading to the ``Phishing Codebook’’, a structured framework for extracting key phishing email information. We apply this codebook to a publicly available dataset of 503 phishing emails.