Email is ubiquitous, and in the context of phishing, it becomes critical, as risky behaviours like clicking on phishing links or downloading malicious files can lead to severe consequences. While much research exists on phishing susceptibility, there is still a gap in understanding factors that influence user micro-behaviour when interacting with phishing emails. To address this, we offer a tool, the Precision Email Simulator, to support phishing researchers, as well as considerations in conceptualising controlled `experimental simulation' studies, which are currently underutilised in phishing research. The Precision Email Simulator simulates real-world email inboxes and tracks precision user data, such as time spent on messages and eye-tracking for key areas like URLs and sender addresses. We discuss the practical uses of our simulator, and provide recommendations and guidelines of using our email simulator.
https://dl.acm.org/doi/10.1145/3706598.3714143
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)