To understand why phishing emails are so successful, we need to know how they work mechanically. One place we can look for this structure is ars dictaminis, a medieval genre of rhetoric concerning itself with the art of letter writing, which subsequently established composition as a subfield of rhetoric. Since many phishing emails I received appear to be written as a letter, it felt a natural fit for this project. For the personal solicitation category, I use a framework developed by Derek Ross in his article Ars Dictaminis Perverted, which examines phishing emails as a sub-genre of letter writing. This section goes through an explanation of Ross' framework, and individual email analyses based on this framework.
Interested in how phishing emails operated as a genre, Ross examined 19 rhetorical appeals commonly found in personal solicitation emails. His ultimate goal was to use these phishing emails as tools to teach students about pathos-based arguments, logical appeals, ethos creation, and how kairos functions with perceived exigencies.
In Ross' framework, ethos constructs the identity of the author as real. Ross notes there are seven different categories of ethos to examine:
Examples of pathos-based appeals in Ross' framework focus on exhausting the reader emotionally using six different categories:
Ross notes that appeals using logos seek to prove that the author and letter were real through four appeals:
Kairos is the most common appeal and is seen in almost every letter examined by Ross and his team. Kairos focuses on creating a sense of urgency, using language to persuade the victim to "act now or else." This use of language is a common technique found in almost all phishing emails I've examined but is especially vital to the personal solicitation category.
Most of these appeals are found in personal solicitation emails I've collected. The following analyses use many of these rhetorical appeals and seek to understand how the letters operate within the genre.
This unsolicited email functions as a proposal to invest a considerable amount of money in what appears to be a laundering effort. Many ethos-based appeals are used in this phishing email, with the email demonstrating formality with its use of straightforward language directing the victim into receiving a large sum of money. Grammatical constructions, as well as mentioning the author is from Spain, fall in line with the nationality category. "Antonio Capilla, a financial and investment management lawyer and an investment consultant law firm," has all the institutional markers present to attempt to persuade the recipient that this email is legitimate. They demonstrate market terminology as well, repetitively using variants of the words invest, assist, and client throughout the letter. Incredibly polite, but concerned with their client's safety, they're operating well within the idea of a financial and investment management firm.
Appeals to pathos include the adventure/roguishness category, as their client's sensitive position necessitates the investment of funds to the recipient "to make the fund release process easier." That statement sounds like money laundering and is a clear demonstration of an exciting, but legally ambiguous, prospect. The appeal to ego-poor letter construction is present as well due to overly formal grammar conventions that don't fit the context, such as "I await your reply."
This phishing email demonstrates logos-based appeals through both financial specificity (30% of US$10 Million Dollars) and format, with the email following the parameters of what constitutes a letter, to the letter - a greeting, body with the main idea, and a salutation. Simple, efficient, and "honest." Finally, urgency is demonstrated gently, with a request to "kindly write me back urgently," fitting well with the polite and relatively formal conversation.
Meeting 12 out of 19 parameters makes this a well-constructed personal solicitation email containing most of the typical markers that Ross discovered.
This email is part of a series of emails I received over a short amount of time. Initially, I received two different phishing attempts - one from an Indian government email (which I presumed to be compromised), and another from a random Gmail address. Both directed me to contact Maria Elisabeth, albeit through different email addresses. I decided to respond to the second attempt, as I wanted to see how far I could get with the phisher. Upon receiving my response, "Maria" responded with the initial phish. Ethos construction happened through institutional markers and titles such as the name-dropping of a Forbes link to Maria Elisabeth's profile, as well as "SCHAEFFLER AG, HERZOGENAURACH" in her signature. The email was decidedly informal, and the writing in poor form, likely playing up the "elderly widow from Germany" appeal. Nationality played with safety here, as they haphazardly described how they wanted to remain incognito but gift this "blessing," assuring you to "please don't be bothered as to why you have been contacted for this and its genuineness as I have done so from a pure motive."
The phisher had a few retorts to my apprehension, but the responses were unlike the initial polite pleading and begging to accept the money and not ask questions - a dead giveaway it was a canned phishing scam. Instead, they asked me to provide my information repeatedly, even after I asked if this was "real" or not. "If you are serious to receive the donations kindly provide us with your details in other to refer you to my bank okay," doesn't instill confidence, especially saying it twice. Unfortunately, playing apprehensive did not coerce the phisher to try and persuade me. A pity too, as I would have gladly given the fake dossier I generated just for the occasion. I would suggest to any aspiring phishers on a red team reading this to engage with your victim. If you make them feel connected and valued (instead of scammed), they will be much more willing to give you the information you're seeking. These tactics are also a great item to discuss in defensive training, as emotional appeals are incredibly effective at getting people to take the bait.
Pathos focused on charity and death: due to her husband's death (and implying her impending death), she's giving all her money as it's no longer useful. By helping her take this massive amount of money, she's hoping that you use it to help others - a "pay it forward" situation. She uses the ego-complimentary appeal by implying I am "good" like churches, orphanages, and other charitable organizations she's contacted. The ego-poor letter construction appeal is also present, as she writes in a way that makes it appear she struggles with English while having you feel sorry for her. She asks that "for the sake that it might seem too easy for you to receive this gift don't justify that life is easy, I would crave your indulgence not to refer any person whatsoever to me so that I can have my peace." She is "doing this as a free-spirit gift," and "made the contact myself to you, therefore, don't refer any person and don't make a public/media show of this as I would not like any publicity of any sort." The manufactured intent is for you to feel sorry for this massively wealthy, but elderly and widowed German woman.
Logos is present in all four categories outlined by Ross. You see it in contact information, with the Forbes profile and multiple email addresses to respond to, sent in the initial "bait" cast. Concerning financial specificity, not only does the title of "Cash Grant Donation of €1,700,000" quantify this but also her admission of giving you that amount of money as a beneficiary out of a total of €50 million! While you're not the only piece in this puzzle, you're still a large one, and it feels good. The initial response followed the letter format amply; however, replies were quick and ill-thought-out regarding keeping the form. Finally, offers to meet were outright rejected due to the desire to keep this out of the public eye. This email also had a distinct lack of urgency, leaving me to respond on my own terms. Perhaps it was a language barrier, but again there was nothing I saw that prompted me to reply immediately. By meeting 15 out of 19 categories, this email was a great example of a personal solicitation email that fits in the genre.
This email is a response to an ad on craigslist, as we were looking for a rental property in anticipation of our out-of-state move. Since I solicited this email, it operated a bit differently than the unsolicited emails received. I like to think of these as reverse-phishing emails, having an advantage to their credibility by virtue of me as initiator.
Ethos was formed through market terminology, repeating variations of owning or renting the house, taking care of the property, and mentioning maintenance or maintaining the property throughout the letter. It also manifested through institutional markers and titles related to the World Mission, a missionary operation which Reverend Joseph Cameron King & Family are members of. He assured me the prospect was safe, because they are simply renting "due to our transfer to (Topeka, Kansas) on a Missionary Work in a church here named World Mission, so we are renting it out since we need someone to take good care of the property on our absent." They reiterated safety over and over throughout the email, with mentions about realtors charging too much commission and being unhappy about that, so the listings were left up but assured it was not for sale. He owned the property, and I could even come to look at it if I wanted to. The email was generally polite but stern, probably trying to emulate the Reverend personality.
Pathos was abundant in this email. King assured me that "we are renting the house to you base on trust and again i will want you to stick to your words," holding me to honor his wishes else I would be a disappointment. He wanted me to feel good about the missionary work he was doing and was looking for me to do an act of goodwill (charity) by renting from him. The email had strong notes of ego-poor letter construction, but I was not informed if Reverend King was identifying as an "other" or not to play up this appeal. The religiosity present in ethos also translated to pathos as well, but this was not necessarily a pathos-specific marker for Ross.
Appeals to logos were presented through contact information and financial specificity, with a phone number, address, and monthly cost given as expected for a rental inquiry. The listing I had initially contacted this person about had an impressive use of logos in the contact information category, although a deceitful one. The use of real property in a dishonest manner like this is depressingly effective. Many people who resort to using craigslist or other non-standard ad listings to find places to live potentially need something non-traditional to fit their lifestyle, and might be desperate for anything available. Since the property physically exists and has a real address, and is even verifiable through various websites, the use of ethos-building appeals above added to the argument from Reverend King that this was his property, and that it was really for rent. The email followed the conventions of a letter format and even included a long list of application information I was expected to fill out. Unfortunately for this phisher, the request for a family photograph, whether I was home at night, and other too-personal questions instantly told me this was an illegitimate rental.
King's email did display urgency, requesting I text him at the number given immediately after applying, presumably because he didn't check his email often. The phisher wanted to show he was legitimately interested in getting back to me as soon as he could. I appreciated the promptness, as it was much less murky than others who seemed to care less whether they successfully phished me.
Overall, this email hit 14 of 19 categories, making it a good representation of a personal solicitation email. These reverse-phishing style emails are dangerous, and further attention should be given to these types of scams to create an effective defense against them.
This email is similar to the Columbus house for rent above, as we were looking for a rental property locally when we still lived in Minnesota. We solicited this individual through craigslist, and after a follow-up email due to no initial response, they responded apologetically. It's been one of my favorite phishing/scam emails that I've ever received due to the blatant copy-paste of descriptions of UNESCO and Education for All as his job descriptions, the random mention of his wife as a part of Joyce Meyer ministries, and the desire to have "a good and responsible tenant that is God fearing and a good christian." This email was more religious than the previous example, and that supposedly came from a Reverend! It was so overly dramatic I shared it with a few people in awe of how ridiculous it was.
Ethos presented itself through institutional markers and titles, namely mentioning and linking both UNESCO and EFA and mentioning that his wife is with Joyce Meyer, who is an "American Charismatic Christian author and speaker." Adding in bible quotes and letting me know "that is not the money that really matters because we believe both the rich and poor deserve a better home" really hit home with religiosity. This was a great example of how the overuse of an appeal can ruin credibility. By excessively using religion to bolster ethos, it dismantled the idea that it was genuine - why would the author need to reiterate over and over how religious they were, if they were indeed that religious? Due to the lack of timeliness in response, reassurances of safety were given through phrases such as, "sorry for the lateness in my response and as am very busy at work lately," hopefully removing the fear that it's an illegitimate email. They also explained in detail that if I still see the house listed for sale, it's not for sale anymore. Those listings were up because they became unhappy with how agents were inflating the price of the home and decided to rent it out instead.
But this situation doesn't make sense. Ideally, you'd want to make as much money as you can, and would be happy selling your home for a higher value. Also, if the house were delisted, the agents would have removed the listings. But maybe if you're unfamiliar with how that works, it wouldn't be strange to you, and everything explained to you felt safe. Finally, the only reason why he couldn't meet us in person is "now that we are out of the state my reasons for leaving with my family is that i love my family and i go everywhere with them now that we are not around." The email's author is a family man, and he wants to take care of the obligations he had to leave when moving for work - he's doing this out of the kindness of his heart. The only hint I received that this could be part of the nationality category was when the author mentioned they "spent less time in the States so I could not get a hold on any Realtor to handle this rent issue." No indication existed outside of this statement that they could be of foreign nationality aside from the language conventions mentioned above.
Surprisingly, this only met a single category in pathos from Ross - ego-poor letter construction - although I'm not exactly sure why it was written like this as there were no indicators in the email that they wanted to identify as an "outsider." While not a pathos-based appeal as defined by Ross, I saw religion and the "do-gooder" description of missionaries in EFA and UNESCO reach into ego-complimentary, as they attempted to flatter me with their idea of what it means to be a "good" person.
The email did, however, meet every marker of logos, with contact information represented with not only two places of employment, but a phone number and the address where the house is available for rent. The house's listings on Zillow and other real estate websites also added to the credibility of the house existing - it wasn't merely a random picture of a property; it was a picture of a house we could physically go view. The listing had a legitimate, real address, and while the facts presented, such as the house being for rent, were not true, to a less-paranoid and suspicious observer, they might as well have been. Financial specificity was in the amount of rent and security deposit. The format was slightly relevant; it was a letter, and the author certainly tried to follow conventions, but it generally was written poorly. Finally, like many others, the individual could not meet in person, but could conduct business through the mail due to being out of state.
Relying on me to respond to this letter, without much of a sense of urgency present at all, I was left with a lack of kairos. However, 13 out of 19 markers make this a relatively good example of a personal solicitation email. While I was disappointed a decent property ended up being yet another craigslist scam, it made a great (and hilarious) example in my phishing email analysis, so I'm happy with the results in the end.
A rather odd email, I received a seemingly disappointed yet urgent notice from a woman named Elizabeth Lyonsfield. Meeting absolutely none of the ethos markers Ross defined, I had no idea how to assess who this woman was or why she was contacting me. Pathos was constructed through ego-poor letter construction, but only because the grammar and capitalization were suspect. Elizabeth meets logos only through having a proper letter format. She pleads for me to react urgently, and states, "I hope to hear back from you soonest." But since I have no idea who she is, where she's from, or what she wants, I didn't respond. Only receiving 3 out of 19 markers makes this personal solicitation email a poor example.
This phishing email was very bland and generally did not show many categorical markers found in personal solicitation emails. Ethos was constructed through an institutional marker, "DBS Singapore." There is no indication as to what DBS Singapore is, though, so calling it a marker is generous. Presumably located in Singapore, this would also pull on the nationality category, but aside from a location, there are no visible markers apart from an odd capitalization on Private. I feel as if I'm reaching with both markers since they're the only definable ethos traits in Ross' framework present, and barely present at that. Pathos is seen through the ego-poor letter construction category. There is only a single sentence in the letter, which I'm guessing is an attempt to get you to respond for more information. Logos was straightforward with the financial specificity category, stating that the proposal was for €58 million. The format was that of a letter - greeting, middle, end - but not so much informative. Notably, there was a lack of urgency in this email. Barely meeting 5 of 19 categories, it does not make an effective personal solicitation email but is still technically a phishing email.
While I don't personally feel this category of phishing is particularly effective, especially compared to the other categories I've analyzed, it's still important to understand how and why they work. People still fall for overly emotive text with remarkably (un)reasonable requests that you provide private information to an unknown individual for millions of dollars out of the blue. Rhetoric helps us understand how this language works because the emails expertly command the appeals to convince the audience they're legitimate, even if they appear poorly constructed. A rhetorical situation is created through the manufactured intent of the email, whether it be helping, following up on a request, or whatever situation the phisher decided to develop. These emails are remarkably effective in the case of the "reverse-phishing" scams, such as the rental property ads; someone will compromise themselves if they're not on alert.
Ross notes that "the less time an audience thinks they have, the less time they will take to analyze the email," and I would agree with him as an overall examination. These emails work because people are pressed for time, distracted, or whatever other reason exists that would make someone let their guard down. Many of the same emails I received are found online as phishing templates because they are successful enough to keep being used. It's easy to deconstruct an email and say, "Hey, this is obviously a phishing email - look how bad it is!" Yet, if you put yourself into the context of someone feeling desperate for a big break, or exhausted and thinking they're responding to a previous contact, it's no wonder these emails work so well. It doesn't matter if the facts aren't real. The only thing that matters is convincing the audience what's said is legitimate.