In an era dominated by digital interactions, phishing campaigns have evolved to exploit not just technological vulnerabilities but also human traits. This study takes an unprecedented deep dive into large-scale phishing campaigns aimed at Meta's users, offering a dual perspective on the technical mechanics and the human elements involved. Analysing data from over 25,000 victims worldwide, we highlight the nuances of these campaigns, from the intricate techniques deployed by the attackers to the sentiments and behaviours of those who were targeted. Unlike prior research conducted in controlled environments, this investigation capitalises on the vast, diverse, and genuine data extracted directly from active phishing campaigns, allowing for a more holistic understanding of the drivers, facilitators, and human factors. Through the application of advanced computational techniques, including natural language processing and machine learning, this work unveils critical insights into the psyche of victims and the evolving tactics of modern phishers. Our analysis shows very poor password choices among the victims, as well as persistent revictimisation of a significant share of users. Finally, we reveal many correlations regarding demographics, timing, sentiment, emotion, and tone of the victims' responses.
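The abstract reports two findings a defender can measure on any credential-harvesting dataset: how weak the submitted passwords are, and how many victims are phished more than once. The following is an added illustration, not the paper's code or its data: it runs a heuristic password-weakness check and a revictimisation count over a small constructed set of pseudonymous records (victim id, submission timestamp, submitted password). The weakness heuristic (common-password list, length, character classes) and the record layout are assumptions, not the paper's method.

```python
from collections import Counter
from datetime import datetime

# Constructed sample records (not from the paper's dataset). Each tuple is
# (pseudonymous victim id, ISO-8601 submission timestamp, submitted password).
SAMPLE_RECORDS = [
    ("v001", "2023-03-01T10:15:00", "123456"),
    ("v002", "2023-03-01T11:02:00", "password1"),
    ("v001", "2023-03-04T09:40:00", "123456"),
    ("v003", "2023-03-05T22:10:00", "Xk9#v2Lq!pR7"),
    ("v004", "2023-03-06T08:00:00", "qwerty"),
    ("v002", "2023-03-09T12:30:00", "password1"),
    ("v001", "2023-03-12T15:05:00", "123456"),
    ("v005", "2023-03-13T19:45:00", "maria2001"),
]

# Tiny stand-in for a breached-password list (assumption; real checks use
# much larger lists or a k-anonymity range query against a breach corpus).
COMMON_PASSWORDS = {"123456", "password", "password1", "qwerty", "111111", "abc123"}


def is_weak(password):
    """Heuristic: weak if on the common list, shorter than 8 characters,
    or built from fewer than two character classes."""
    if password.lower() in COMMON_PASSWORDS:
        return True
    if len(password) < 8:
        return True
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return classes < 2


def revictimisation_stats(records):
    """Count victims who submitted credentials more than once, and how many of
    those repeat victims never changed the password between submissions."""
    submissions = {}
    for vid, _, pw in records:
        submissions.setdefault(vid, []).append(pw)
    repeat = {vid: pws for vid, pws in submissions.items() if len(pws) > 1}
    unchanged = sum(1 for pws in repeat.values() if len(set(pws)) == 1)
    return {
        "unique_victims": len(submissions),
        "repeat_victims": len(repeat),
        "repeat_rate": len(repeat) / len(submissions),
        "repeat_with_unchanged_password": unchanged,
    }


def password_stats(records):
    """Weakness rate over each victim's first submission, so repeat
    submissions do not double-count the same password."""
    first = {}
    for vid, _, pw in sorted(records, key=lambda r: r[1]):
        first.setdefault(vid, pw)
    weak = sum(1 for pw in first.values() if is_weak(pw))
    return {"victims": len(first), "weak": weak, "weak_rate": weak / len(first)}


def hourly_distribution(records):
    """Submissions per hour of day, the timing dimension the abstract mentions."""
    hours = Counter(datetime.fromisoformat(ts).hour for _, ts, _ in records)
    return dict(sorted(hours.items()))


if __name__ == "__main__":
    print(revictimisation_stats(SAMPLE_RECORDS))
    print(password_stats(SAMPLE_RECORDS))
    print(hourly_distribution(SAMPLE_RECORDS))
```

Counting weakness on the first submission only, and separately counting repeat victims whose password never changed, keeps the two findings independent: a victim who re-enters the same weak password three times inflates neither the weakness rate nor the unique-victim count, but does show up in the revictimisation figure as someone who was not helped by the first compromise.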