Monday, March 02, 2015

Visualizations of Phishing Emails

I've been collecting all phishing emails that have come into my inbox since 2010. I thought it would be fun to create some simple visualizations, to look for interesting patterns.

Below is a wordle of 95 different Nigerian email scams. These are the scams where the sender of the email has a business proposition for you, with millions of dollars in a bank or secret fund, and they need your help getting it out. You can see several prominent words, like bank, money, contact, and fund. You can also see that these scammers are quite polite, with please being a common word too.


Surprisingly, I only got 16 reply-to phishing emails. These are the ones where the scammer asks you to fill out your account information in the email, like your account name and password. Nothing too surprising here.  

The largest set was 160 general phishing attacks, ones where the scammer tries to trick you into clicking a link or opening an attachment. You can see that these scammers are quite polite, with please being pretty prominent. Like the reply-to phishing attacks above, you can see that an email that mentions your account or wants you to click on a link is a good signal that it may be a phishing attack.  

Below is a wordle that combines all of the above emails, if you want to share with others or print out.

I also created a word tree visualization using the service on Jason Davies' site. You can see the interactive version of all of the phishing emails here. You can see the most common opening for these phishing emails, and again, scammers are quite polite.




No comments: