Blatant nosiness is the reason why email users click on the links embedded within electronic messages, according to university researchers.
This new evidence, discovered in a study, throws into question the basic premise behind phishing. That presumption is that when an iffy email looks like it comes from a legitimate organization, but contains a link to a bogus website where financial details are guzzled by bad guys, that gullible people are being bamboozled by the apparent legitimacy of the email.
+ Also on Network World: 10 companies that can help you fight phishing +
That’s in fact incorrect, computer science experts from Friedrich-Alexander-Universität in Germany believe. In reality, people are so curious that they will click on the link anyway. And that’s even though they know the link may be perilous.
Half of users click on hyperlinks that are sent from people they don’t know, the university discovered. But “most people know that emails and Facebook messages from unknown senders can contain dangerous links,” the researchers say in their press release.
“Many users still click on them,” it says. And it says it has evidence that not only are its findings correct, but also that some users deny they’ve done it.
The team sent 1,700 fellow students two batches of emails or Facebook messages using a fake sender name. The signatures were from “one of the 10 most common names for the target group’s generation.”
Both tranches of messages included a link to supposed images of a party the previous weekend. The first chunk used the recipients’ first names, and the second was generic, although that tranche included specific information about the event—it was a New Year’s Eve party, they were told.
Various Facebook accounts were also set up.
Overall 56 percent of email recipients and 40 percent of Facebook users clicked on the link. A follow-up questionnaire asking the recipients if they knew that clicking on links might be problematic revealed that over three-fourths of the respondents (78 percent) were aware of it.
“Seventy eight percent of participants stated in the questionnaire that they were aware of the risks of unknown links.”
Why do they click?
When asked why they did it, the “large majority” indicated: “curiosity with regard to content of the photos or the identity of the sender.” Others’ justifications included that they’d been to a party the previous weekend, and more rationalized that they thought they knew the name of the sender.
Interestingly, the tally for those who admitted clicking on the innocuous little blue link did not match the totals of those who actually did the deed. Through a checking system, the scientists found that many more actually clicked the link (45 percent in one group) than those who said they did (20 percent in the same group).
The researchers, somewhat benevolently, think the mismatch might be “due to participants simply forgetting the message with the link after having clicked on it.” One might also guess they could be fibbing.
Users don't pay attention
Computer users aren’t spending enough time attempting to identify phishing, a separate, unrelated study said in 2015. Using eye movement tracking and brain activity measurements, University of Alabama at Birmingham scientists say they discovered a lack of attentiveness, predominantly from people who were generally un-attentive in nature, which was causing phishing successes.
Real-time neural scanning could be a way to identify whether people were alert enough to open emails, those scientists suggested.
This article is published as part of the IDG Contributor Network. Want to Join?