Comprehensive List of User Deception Techniques in Emails

2026-04-06

Cryptography and Security, Human-Computer Interaction
AI summary

The authors list 42 ways people can trick others using emails, with 64 specific examples. They organize these tricks based on parts of an email like the sender, links, attachments, and how emails are shown. Instead of saying which tricks are most dangerous, they explain how each trick works on its own. This list helps others create better protections and design safer email tools.

email deception, security indicators, phishing, email attachments, email sender spoofing, email client design, email rendering environment, cybersecurity, countermeasures, social engineering
Authors
Maxime Veit, Mattia Mossano, Tobias Länge, Melanie Volkamer
Abstract
Email remains a central communication medium, yet its long-standing design and interface conventions continue to enable deceptive attacks. This research note presents a structured list of 42 email-based deception techniques, documented with 64 concrete example implementations, organized around the sender, link, and attachment security indicators as well as techniques targeting the email rendering environment. Building on a prior systematic literature review, we consolidate previously reported techniques with newly developed example implementations and introduce novel deception techniques identified through our own examination. Rather than assessing effectiveness or real-world severity, each entry explains the underlying mechanism in isolation, separating the high-level deception goal from its concrete technical implementation. The documented techniques serve as modular building blocks and a structured reference for future work on countermeasures across infrastructure, email client design, and security awareness, supporting researchers as well as developers, operators, and designers working in these areas.