SIDN Labs researcher awarded doctorate for phishing study

Elmer Lastdrager, research engineer SIDN Labs, spent six years studying various aspects of phishing. On 9 February, Lastdrager will be awarded a doctorate for his work.

For his doctoral research at the University of Twente, Elmer Lastdrager spent six years studying various aspects of phishing. He analysed 700,000 phishing e-mails. "Recipients judge credibility mainly on the basis of a message's content, sender and length. They don't pay much attention to technical aspects." On 9 February, Lastdrager will be awarded a doctorate for his work.

Around the world, scammers send billions of phishing e-mails a year. For his doctoral research at the University of Twente, Elmer Lastdrager studyied various aspects of phishing. "One of the main tactics used by fraudsters is to create a sense of urgency. Act now, or your bank card will be blocked." It might sound like a transparent trick, but it works. Recipients are more likely to respond positively to a message that makes the situation seem urgent. Urgency tends to make people disregard warning signs, such as their computer telling them that the link may be unsafe. "Another well-known but effective trick is to claim authority. Fraudsters like using the names of respected financial institutions, for example."

Spotting scams

Lastdrager says that it's actually very easy to recognise phishing e-mails.

Lastdrager's research shows that, unfortunately, consumers often don't think about such 'technical aspects' of the mail they receive. "They judge credibility mainly on the basis of a message's content, sender and length."The good news is that people can easily be taught to recognise phishing mail. For example, Lastdrager developed a forty-minute training module for eight-to-thirteen-year-olds, by the end of which youngsters were adept at spotting scams. However, like other researchers before him, Lasdrager found that the knowledge didn't stick. Four weeks after doing the module, the youngsters' scores were back to where they were before. Lastdrager therefore believes that the issue requires continuous attention.

700,000 messages

An average of 70 thousand phishing e-mails a month are referred to the Fraudehelpdesk, an organisation that works to tackle abuse. The majority – 64 per cent – come from private e-mail addresses. Lastdrager analysed a total of 700,000 e-mails, looking for patterns in his enormous data set. One thing he found was that scammers often reuse the same messages. Looking at messages that had been reported to the Fraudehelpdesk by at least five people, he found that they were recycled an average of 3.6 times, with an average interval of 49 days.Phishing e-mails are sent throughout the day, but there's a small peak at about 1pm. And scammers seem to have a preference for the first part of the week. On Fridays, and especially at the weekend, they send far fewer messages. Users mainly open the e-mails during office hours, even the ones from private addresses. The peak time for looking at scam messages is Monday morning.In the Netherlands, a sizeable majority of phishing e-mails (70 to 83 per cent) claim to be from banks and other financial institutions. Lastdrager has compared his Dutch data with the largest available dataset from the US. Strikingly, far more messages pretend to be from shops, internet service providers and telecom companies in the US than in the Netherlands. Out of the people who reported messages to the Fraudehelpdesk, 69 per cent said that they were suspicious because they weren't customers of the company that the message claimed to come from.


Lastdrager will publicly defend his thesis From fishing to phishing at 4:30pm on Friday 9 February. The venue is the Professor G. Berkhoff Lecture Theatre in the Waaier Building on the University of Twente campus. The research project was supervised by Pieter Hartel of the university's Services, Cybersecurity and Safety Department and Marianne Junger of the Industrial Engineering and Business Information Systems Department. Lastdrager currently works at SIDN Labs, the research division of SIDN, the registry for the .nl domain.Source: University of Twente



Elmer Lastdrager

Research engineer

+31 26 352 55 00

  • Monday 12 November 2018


    How to spot a fake URL


    Tips to spot a fake URL

    Read more
  • Friday 15 March 2019


    Security of smart devices more important than ever


    Market for smart home products is growing

    Read more
  • Thursday 5 September 2019


    Evaluation of validating resolvers on Linux: Unbound and Knot Resolver recommended


    "Systemd-resolved and Dnsmasq have serious bugs"

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.