We need to understand how letter writing works mechanically to understand why phishing emails are so successful. One place we can look for this structure is ars dictaminus, a medieval genre of rhetoric concerning itself with the art of letter writing, which subsequently established composition as a subfield of rhetoric.. Since many phishing emails I received appear to be written as a letter, it felt a natural fit for this project. For the personal solicitation category, I use a framework developed by Derek Ross in his article Ars Dictaminis Perverted, which examines phishing emails as a sub-genre of letter writing. This section goes through an explanation of Ross' framework and individual email analyses based on this framework.
Interested in how phishing emails operated as a genre, Ross examined 19 rhetorical appeals commonly found in personal solicitation emails. His ultimate goal was to use these phishing emails as tools to teach students about pathos-based arguments, logical appeals, ethos creation, and how kairos functions with perceived exigencies.
In Ross' framework, ethos constructs the author's identity as real. Ross notes there are seven different categories of ethos to examine:
These categories create an assumed identity that not only has authority but also gives the author authority to ask the victim for help.
Examples of pathos-based appeals in Ross' framework focus on exhausting the reader emotionally using six different categories:
These appeals effectively cater to the victim's emotional response, focusing on both positive and negative aspects of pathos to manufacture an argument effectively.
Ross states that logos operates to prove that the author and letter are real through four appeals:
As mentioned in the crash course, logos does not have to be truthful for the appeal to be effective; it only needs to appear truthful. Below are some incredibly crafty uses of distorted facts in the emails regarding an apartment/house for rent.
Kairos is the most common appeal and is seen in almost every letter Ross and his team examined. Kairos focuses on creating a sense of urgency, using language to persuade the victim to "act now or else." This use of language is a common technique found in almost all phishing emails I've examined but is especially vital to the personal solicitation category.
Most of these appeals are found in personal solicitation emails I've collected. The following analysis uses many of these rhetorical appeals and seeks to understand how the letters operate within the genre.
This unsolicited email functions as a proposal to invest a considerable amount of money in what appears to be a laundering effort. Many ethos-based appeals are used in this phishing email, with the email demonstrating formality with its straightforward language directing the victim into receiving a large sum of money. Grammatical constructions and mentioning that the author is from Spain fall in line with the nationality category. "Antonio Capilla, a financial and investment management lawyer and an investment consultant law firm," has all the institutional markers present to attempt to persuade the recipient that this email is legitimate. They demonstrate market terminology, repetitively using variants of the words invest, assist, and client throughout the letter. Incredibly polite, but concerned with their client's safety, they're operating well within the idea of a financial and investment management firm.
Appeals to pathos include the adventure/roguishness category, as their client's sensitive position necessitates the investment of funds to the recipient "to make the fund release process easier." That statement sounds like money laundering and clearly demonstrates an exciting but illegal prospect. The appeal to ego-poor letter construction is present due to overly formal grammar conventions that don't fit the context, such as "I await your reply."
This phishing email demonstrates logos-based appeals through financial specificity (30% of US$10 Million Dollars) and format,with the email following the parameters of what constitutes a letter, to the letter - a greeting, body with the main idea, and a salutation. Finally, urgency is demonstrated gently, with a request to "kindly write me back urgently," fitting well with the polite and relatively formal conversation. Simple, efficient, and "honest."
Meeting 12 out of 19 parameters makes this a well-constructed personal solicitation email containing most of the typical markers from Ross.
This email is part of a series of emails I received over a short time. Initially, I received two different phishing attempts - one from an Indian government email (which I presumed to be compromised), and another from a random Gmail address. Both directed me to contact Maria Elisabeth, albeit though different email addresses. I responded to the second attempt as I wanted to see how far I could get with the phisher. Upon receiving my response, "Maria" responded with the initial phish. Ethos construction happened through institutional markers and titles such as the name-dropping of a Forbes link to Marie Elisabeth's profile and "SCHAEFFLER AG, HERZOGENAURACH" in her signature. The email was decidedly informal, and the writing in poor form, likely playing up the "elderly widow from Germany" appeal. Nationality played with safety as they haphazardly described how they wanted to remain incognito but gift this "blessing," assuring you to "please don't be bothered as to why you have been contacted for this and its genuineness as I have done so from a pure motive."
The phisher had a few retorts to my apprehension, but the responses were unlike the initial polite pleading and begging to accept the money and not ask questions - a dead giveaway it was a canned phishing scam. Instead, they asked me to provide my information repeatedly, even after I asked if this was "real" or not. "If you are serious to receive the donations kindly provide us with your details in other to refer you to my bank okay," doesn't instill confidence, especially saying it twice. Unfortunately, playing apprehensive did not coerce the phisher to try and persuade me. A pity, too, as I would have gladly given the fake dossier I generated just for the occasion. I would suggest to any aspiring phishers on a red team reading this to engage with your victim. If you make them feel connected and valued (instead of scammed), they will be willing to give you the information you seek. These tactics are also great to discuss in defensive training, as emotional appeals are incredibly effective at getting people to take the bait.
Pathos focused on charity and death. Due to her husband's death (and implying her impending death), she's giving all her money away as it's no longer helpful. By helping her take this massive amount of money, she's hoping you use it to help others - a "pay it forward" situation. She appeals to the ego-complementary appeal by implying I am "good" like the churches, orphanages, and other charitable organizations she's contacted. The ego-poor letter construction appeal is also present, as she writes in a way that appears she struggles with English while having you feel sorry for her. She asks that "for the sake that it might seem too easy for you to receive this gift don't justify that life is easy, I would crave your indulgence not to refer any person whatsoever to me so that I can have my peace." She is "doing this as a free-spirit gift," and "made the contact myself to you, therefore, don't refer any person and don't make a public/media show of this as I would not like any publicity of any sort." The manufactured intent is for you to feel sorry for this massively wealthy but elderly, widowed German woman.
Logos is present in all four categories outlined by Ross. You see it in contact information with the Forbes profile and multiple email addresses being sent to respond to in the initial "bait" cast. Concerning financial specificity, not only does the title of "Cash Grant Donation of €1,700,000" quantify this but also her admission of giving you that amount of money as a beneficiary out of a total of €50 million! While you're not the only piece in this puzzle, you're still a large one, and it feels good. The initial response followed the letter format amply; however, replies were quick and ill-thought-out in terms of form. Finally, offers to meet were outright rejected due to the desire to keep this out of the public eye. This email also had a distinct lack of urgency, leaving responding on my terms. Perhaps it was a language barrier, but again there was nothing I saw that prompted me to reply immediately. By meeting 15 out of 19 categories, this email was a great example of a personal solicitation email that fits the genre.
This email is a response to an ad on craigslist, as we were looking for a rental property in anticipation of our out-of-state move. Since I solicited this email, it operated differently than the unsolicited emails received. I like to think of these as reverse-phishing emails, having an advantage to their credibility as I was the initiator.
Ethos was formed through market terminology, epeating variations of owning or renting the house, taking care of the property, and mentioning maintenance or maintaining the property throughout the letter. It also manifested through institutional markers and titles related to the World Mission, a missionary operation of which Reverend Joseph Cameron King and Family are members. He assured me the prospect was safe, because they are simply renting "due to our transfer to (Topeka, Kansas) on a Missionary Work in a church here named World Mission, so we are renting it out since we need someone to take good care of the property on our absent." They reiterated safety over and over throughout the email, with mentions about realtors charging too much commission and being unhappy about that, so the listings were left up but assured it was not for sale. He owned the property, and I could even come to look at it if I wanted to. The email was generally polite but stern, probably trying to emulate a Reverend's personality.
Pathos was abundant in this email. King assured me that "we are renting the house to you base on trust and again i will want you to stick to your words," holding me to honor his wishes else I would be a disappointment. He wanted me to feel good about the missionary work he was doing and was looking for me to do an act of goodwill (charity) by renting from him. The email had strong notes of ego-poor letter construction, but I was not informed if Reverend King was identifying as an "other" or not to play up this appeal. The religiosity in ethos also translated to pathos, but this was not necessarily a pathos-specific marker for Ross.
Appeals to logos are present in contact information and financial specificity, with a phone number, address, and monthly cost as expected for a rental inquiry. The listing I had initially contacted this person about had an impressive use of logos in the contact information category, although a deceitful one. Using real property in a dishonest manner like this is depressingly effective. Many people who resort to using craigslist or other non-standard ad listings to find places to live potentially need something non-traditional to fit their lifestyle and might be desperate for anything available. Since the property physically exists, has an actual address, and is even verifiable through various websites, the use of ethos-building appeals above aided the argument from Reverend King that this was his property and that it was really for rent. The email followed the conventions of a letter format and even included a long list of application information I was expected to fill out. Unfortunately for this phisher, the request for a family photograph, whether I was home at night, and other too-personal questions instantly told me this was an illegitimate rental.
King's email displayed urgency, requesting I text him at the number given immediately after applying, presumably because he didn't check his email often. The phisher wanted to show he was legitimately interested in getting back to me as soon as possible. I appreciated the promptness, as it was much less murky than others who seemed to care less whether they successfully phished me.
Overall, this email hit 14 of 19 categories, making it a good representation of a personal solicitation email. These reverse-phishing-style emails are dangerous, and further attention should be given to these scams to create an effective defense against them.
This email is similar to the Columbus house for rent above, as we were looking for a rental property locally when we still lived in Minnesota. We solicited this individual through craigslist, and after a follow-up email due to no initial response, they responded apologetically. It's been one of my favorite phishing/scam emails that I've ever received due to the blatant copy-paste of descriptions of UNESCO and Education for All as his job descriptions, the random mention of his wife as a part of Joyce Meyer ministries, and the desire to have "a good and responsible tenant that is God fearing and a good christian." This email was more religious than the previous example, which supposedly came from a Reverend! It was so overly dramatic I shared it with a few people in awe of how ridiculous it was.
Ethos presented itself through institutional markers and titles, mentioning and linking both UNESCO and EFA and mentioning that his wife is with Joyce Meyer, an "American Charismatic Christian author and speaker." Adding in bible quotes and letting me know "that is not the money that really matters because we believe both the rich and poor deserve a better home" hit home with religiosity - a great example of how the overuse of an appeal can ruin credibility. By excessively using religion to bolster ethos, it dismantled the idea that it was genuine - why would the author need to reiterate how religious they were if they were indeed that religious? Due to the lack of timeliness in response, reassurances of safety were given through phrases such as, "sorry for the lateness in my response and as am very busy at work lately," hopefully removing the fear that it's an illegitimate email. They also explained in detail that if I still see the house listed for sale, it's not for sale anymore. Those listings were up because they became unhappy with how agents were inflating the price of the home and decided to rent it out instead.
But this situation doesn't make sense. Ideally, you'd want to make as much money as possible and be happy selling your home for a higher value. Also, if the house were delisted, the agents would have removed the listings. But maybe if you're unfamiliar with how that works, it wouldn't be strange to you, and everything explained to you felt safe. Finally, the only reason he couldn't meet us in person is "now that we are out of the state my reasons for leaving with my family is that i love my family and i go everywhere with them now that we are not around." The email's author is a family man who wants to take care of the obligations he had to leave when moving for work - he's doing this out of the kindness of his heart. The only hint I received that this could be part of the nationality category was when the author mentioned they "spent less time in the States, so I could not get a hold on any Realtor to handle this rent issue." No indication existed outside this statement that they could be of foreign nationality aside from the language conventions mentioned above.
Surprisingly, this only met a single category in pathos from Ross - ego-poor letter construction - although I'm not exactly sure why it was written like this as there were no indicators in the email that they wanted to identify as an "outsider." While not a pathos-based appeal as defined by Ross, I saw religion and the "do-gooder" description of missionaries in EFA and UNESCO reach into ego-complimentary as they attempted to flatter me with their idea of what it means to be a "good" person.
The email did, however, meet every marker of logos, with contact information represented with not only two places of employment but a phone number and the address where the house is available for rent. The houses' listings on Zillow and other real estate websites also added to the credibility of the existing house - it wasn't merely a random picture of a property; it was a picture of a house we could physically view. The listing had a legitimate, real address, and while the facts presented, such as the house being for rent, were not true to a less-paranoid and suspicious observer, they might as well have been. Financial specificity was in the amount of rent and security deposit. The format was slightly relevant; it was a letter, and the author certainly tried to follow conventions, but it generally was written poorly. Finally, like many others, the individual could not meet in person, but could conduct business through the mail due to being out of state.
No sense of urgency was present, but the email did meet 13 out of 19 markers, so it makes a good example of a personal solicitation email. While I was disappointed that a decent property ended up being yet another craigslist scam, it made a great (and hilarious) example in my phishing email analysis, so I'm happy with the results.
This was a rather odd email. I received a seemingly disappointed yet urgent notice from Elizabeth Lyonsfield. Meeting absolutely none of the ethos markers Ross defined, I had no idea how to assess who this woman was or why she was contacting me. Pathos was constructed through ego-poor letter construction, ut only because the grammar and capitalization were suspects. Elizabeth meets logos only through having a proper letter format. She pleads for me to react urgently, and states, "I hope to hear back from you soonest." But since I have no idea who she is, where she's from, or what she wants, I didn't respond. Only receiving 3 out of 19 markers makes this personal solicitation email a poor example.
This phishing email was bland and generally did not show many categorical markers in personal solicitation emails. Ethos was constructed through an institutional marker, "DBS Singapore." There is no indication of what DBS Singapore is, so calling it a marker is generous. Presumably located in Singapore, this would also pull on nationality category, but aside from a location, there are no visible markers apart from an odd capitalization on Private. I feel I'm reaching with both characteristics since they're the only definable ethos traits in Ross' framework present and barely present at that. Pathos is seen through the ego-poor letter construction category. There is only a single sentence in the letter, which I'm guessing is an attempt to get you to respond for more information. Logos was straightforward with the financial specificity category, stating that the proposal was for €58 million. The format was that of a letter - greeting, middle, end - but not so much informative. Notably, there was a lack of urgency in this email. Barely meeting 5 of 19 categories, it does not make an effective personal solicitation email but is still technically a phishing email.
People fall for overly emotive text with remarkably (un)reasonable requests that you provide private information to an unknown individual for millions of dollars out of the blue. Rhetoric helps us understand how this language works because the emails expertly command the appeals to convince the audience they're legitimate, even if they appear poorly constructed. A rhetorical situation creates itself via manufactured intent, whether helping, following up on a request, or whatever situation the phisher decided to develop. These emails are remarkably effective in the case of the "reverse-phishing" scams, such as rental property ads; someone will compromise themselves if they're not on alert.
Ross notes that "the less time an audience thinks they have, the less time they will take to analyze the email," and I would agree with him on that. These emails work because people are pressed for time, distracted, or whatever reason exists that would make someone let their guard down. Many of the same emails I received are found online as phishing templates because they are successful enough to keep being used. It's easy to deconstruct an email and say, "Hey, this is obviously a phishing email - look how bad it is!" But if you put yourself into the context of someone feeling desperate for a big break or exhausted and thinking they're responding to a previous contact, it's no wonder these emails work so well. It doesn't matter if the facts aren't real. The only thing that matters is convincing the audience what's said is legitimate.
Please continue on to the spearphishing analysis.