Saved in:
Bibliographic Details
Main Authors: Menon, Mythili, Vinayaga-Sureshkanth, Nisha, Schon, Alec, Hemberger, Kaitlyn, Jadliwala, Murtuza
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.04700
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866918141051797504
author Menon, Mythili
Vinayaga-Sureshkanth, Nisha
Schon, Alec
Hemberger, Kaitlyn
Jadliwala, Murtuza
author_facet Menon, Mythili
Vinayaga-Sureshkanth, Nisha
Schon, Alec
Hemberger, Kaitlyn
Jadliwala, Murtuza
contents Phishing and sophisticated email-based social engineering attacks disproportionately affect vulnerable populations, such as refugees and immigrant students. However, these groups remain understudied in cybersecurity research. This gap in understanding, coupled with their exclusion from broader security and privacy policies, increases their susceptibility to phishing and widens the digital security divide between marginalized and non-marginalized populations. To address this gap, we first conducted digital literacy workshops with newly resettled African refugee populations (n = 48) in the US to improve their understanding of how to safeguard sensitive and private information. Following the workshops, we conducted a real-world phishing deception study using carefully designed emails with linguistic cues for three participant groups: a subset of the African US-refugees recruited from the digital literacy workshops (n = 19), African immigrant students in the US (n = 142), and a control group of monolingual US-born students (n = 184). Our findings indicate that while digital literacy training for refugees improves awareness of safe cybersecurity practices, recently resettled African US-refugees still face significant challenges due to low digital literacy skills and limited English proficiency. This often leads them to ignore or fail to recognize phishing emails as phishing. Both African immigrant students and US-born students showed greater caution, though instances of data disclosure remained prevalent across groups. Our findings highlight, irrespective of literacy, the need to be trained to think critically about digital security. We conclude by discussing how the security and privacy community can better include marginalized populations in policy making and offer recommendations for designing equitable, inclusive cybersecurity initiatives.
format Preprint
id arxiv_https___arxiv_org_abs_2509_04700
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Linguistic Hooks: Investigating The Role of Language Triggers in Phishing Emails Targeting African Refugees and Students
Menon, Mythili
Vinayaga-Sureshkanth, Nisha
Schon, Alec
Hemberger, Kaitlyn
Jadliwala, Murtuza
Computers and Society
Phishing and sophisticated email-based social engineering attacks disproportionately affect vulnerable populations, such as refugees and immigrant students. However, these groups remain understudied in cybersecurity research. This gap in understanding, coupled with their exclusion from broader security and privacy policies, increases their susceptibility to phishing and widens the digital security divide between marginalized and non-marginalized populations. To address this gap, we first conducted digital literacy workshops with newly resettled African refugee populations (n = 48) in the US to improve their understanding of how to safeguard sensitive and private information. Following the workshops, we conducted a real-world phishing deception study using carefully designed emails with linguistic cues for three participant groups: a subset of the African US-refugees recruited from the digital literacy workshops (n = 19), African immigrant students in the US (n = 142), and a control group of monolingual US-born students (n = 184). Our findings indicate that while digital literacy training for refugees improves awareness of safe cybersecurity practices, recently resettled African US-refugees still face significant challenges due to low digital literacy skills and limited English proficiency. This often leads them to ignore or fail to recognize phishing emails as phishing. Both African immigrant students and US-born students showed greater caution, though instances of data disclosure remained prevalent across groups. Our findings highlight, irrespective of literacy, the need to be trained to think critically about digital security. We conclude by discussing how the security and privacy community can better include marginalized populations in policy making and offer recommendations for designing equitable, inclusive cybersecurity initiatives.
title Linguistic Hooks: Investigating The Role of Language Triggers in Phishing Emails Targeting African Refugees and Students
topic Computers and Society
url https://arxiv.org/abs/2509.04700