Abstract
Purpose: This study aims to identify and analyse the persuasive principles employed in phishing emails through a detailed content analysis of both email subject lines and entire email contents. It investigates how these persuasion principles differ between subject lines and full email content, examines trends in their use over time and identifies common combinations of persuasion strategies used by attackers.

Design/methodology/approach: A qualitative content analysis was conducted on 200 phishing email samples selected systematically over a ten-year period from the phishing database. The analysis employed NVivo software, guided by the Principles of Human Persuasion in Social Engineering framework proposed by Ferreira and Teles (2019). This framework facilitated systematic coding based on five main principles (Authority, Social Proof, Deception, Distraction and Integrity) and their sub-principles.

Findings: The analysis revealed distinct differences in the application of persuasion principles between email subject lines and entire email contents. Subject lines predominantly employed Authority and Distraction to elicit immediate responses, while full email content relied more heavily on Deception, Distraction, Integrity and Reciprocation to construct convincing narratives. Trends indicated an evolving strategic shift among attackers, highlighting increased usage of Deception and decreased reliance on Authority over time. Additionally, the most frequent combinations identified were Authority with Distraction for subject lines, and Deception with Distraction and Integrity for entire email contents.

Practical implications: Findings from this study suggest that phishing detection systems and training programs must be designed with sensitivity to nuanced persuasion techniques. Training should emphasize recognizing subtle persuasive cues in full email narratives in addition to immediate triggers present in subject lines, adapting to evolving phishing methodologies over time.

Originality/value: Unlike previous studies primarily focused on user vulnerabilities, this research uniquely examines how attackers strategically apply persuasion principles within phishing emails themselves, considering both immediate (subject lines) and extended (email content) engagement. This dual-level, temporally comparative analysis provides deeper insight into the evolution and complexity of phishing tactics, particularly relevant in the era of generative artificial intelligence that minimizes detectable technical errors in phishing communications.

| Original language | English |
|---|---|
| Pages (from-to) | 1-18 |
| Number of pages | 18 |
| Journal | Information and Computer Security |
| DOIs | |
| Publication status | Published - 2025 |
Fingerprint
Dive into the research topics of 'Unmasking persuasion in phishing: a content analysis of principles of persuasion in emails and subject lines'. Together they form a unique fingerprint.