Abstract
When people identify potential malicious phishing
emails one option they have is to contact a help desk to report
it and receive guidance. While there is a great deal of effort put
into helping people identify such emails and to encourage users to
report them, there is relatively little understanding of what people
say or ask when contacting a help desk about such emails. In this
work, we qualitatively analyze a random sample of 270 help desk
phishing tickets collected across nine months. We find that when
reporting or asking about phishing emails, users often discuss
evidence they have observed or gathered, potential impacts they
have identified, actions they have or have not taken, and questions
they have. Some users also provide clear arguments both about
why the email really is phishing and why the organization needs
to take action about it.
