SIDN Labs researcher awarded doctorate for phishing study

For his doctoral research at the University of Twente, Elmer Lastdrager spent six years studying various aspects of phishing. He analysed 700,000 phishing e-mails. "Recipients judge credibility mainly on the basis of a message's content, sender and length. They don't pay much attention to technical aspects." On 9 February, Lastdrager will be awarded a doctorate for his work.

Around the world, scammers send billions of phishing e-mails a year. For his doctoral research at the University of Twente, Elmer Lastdrager studyied various aspects of phishing. "One of the main tactics used by fraudsters is to create a sense of urgency. Act now, or your bank card will be blocked." It might sound like a transparent trick, but it works. Recipients are more likely to respond positively to a message that makes the situation seem urgent. Urgency tends to make people disregard warning signs, such as their computer telling them that the link may be unsafe. "Another well-known but effective trick is to claim authority. Fraudsters like using the names of respected financial institutions, for example."

Spotting scams

Lastdrager says that it's actually very easy to recognise phishing e-mails.

Lastdrager's research shows that, unfortunately, consumers often don't think about such 'technical aspects' of the mail they receive. "They judge credibility mainly on the basis of a message's content, sender and length."The good news is that people can easily be taught to recognise phishing mail. For example, Lastdrager developed a forty-minute training module for eight-to-thirteen-year-olds, by the end of which youngsters were adept at spotting scams. However, like other researchers before him, Lasdrager found that the knowledge didn't stick. Four weeks after doing the module, the youngsters' scores were back to where they were before. Lastdrager therefore believes that the issue requires continuous attention.

700,000 messages

An average of 70 thousand phishing e-mails a month are referred to the Fraudehelpdesk, an organisation that works to tackle abuse. The majority – 64 per cent – come from private e-mail addresses. Lastdrager analysed a total of 700,000 e-mails, looking for patterns in his enormous data set. One thing he found was that scammers often reuse the same messages. Looking at messages that had been reported to the Fraudehelpdesk by at least five people, he found that they were recycled an average of 3.6 times, with an average interval of 49 days.Phishing e-mails are sent throughout the day, but there's a small peak at about 1pm. And scammers seem to have a preference for the first part of the week. On Fridays, and especially at the weekend, they send far fewer messages. Users mainly open the e-mails during office hours, even the ones from private addresses. The peak time for looking at scam messages is Monday morning.In the Netherlands, a sizeable majority of phishing e-mails (70 to 83 per cent) claim to be from banks and other financial institutions. Lastdrager has compared his Dutch data with the largest available dataset from the US. Strikingly, far more messages pretend to be from shops, internet service providers and telecom companies in the US than in the Netherlands. Out of the people who reported messages to the Fraudehelpdesk, 69 per cent said that they were suspicious because they weren't customers of the company that the message claimed to come from.


Lastdrager will publicly defend his thesis From fishing to phishing at 4:30pm on Friday 9 February. The venue is the Professor G. Berkhoff Lecture Theatre in the Waaier Building on the University of Twente campus. The research project was supervised by Pieter Hartel of the university's Services, Cybersecurity and Safety Department and Marianne Junger of the Industrial Engineering and Business Information Systems Department. Lastdrager currently works at SIDN Labs, the research division of SIDN, the registry for the .nl domain.Source: University of Twente



Elmer Lastdrager

Research engineer

+31 26 352 55 00

  • Thursday 14 June 2018


    Green padlock symbol doesn't guarantee security. So what does?


    How can you show that your website is trustworthy?

    Read more
  • Wednesday 21 March 2018


    Webinar about the implications of the GDPR for domain name registration


    5 April 2018, 15:30 to 17:00 (CEST)

    Read more
  • Monday 22 July 2019


    ENTRADA 2.0 is here!


    Fully updated ENTRADA platform with Cloud support

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.