Profile of likely e-mail phishing victims emerges in human factors/ergonomics research

July 25, 2013

The author of a paper to be presented at the upcoming 2013 International Human Factors and Ergonomics Society Annual Meeting has described behavioral, cognitive, and perceptual attributes of e-mail users who are vulnerable to phishing attacks. Phishing is the use of fraudulent e-mail correspondence to obtain passwords and credit card information, or to send viruses.

In "Keeping Up With the Joneses: Assessing Phishing Susceptibility in an E-mail Task," Kyung Wha Hong discovered that people who were overconfident, introverted, or women were less able to accurately distinguish between legitimate and phishing e-mails. She had participants complete a personality survey and then asked them to scan through both legitimate and phishing e-mails and either delete suspicious or spam e-mails, leave legitimate e-mails as is, or mark e-mails that required actions or responses as "important."

"The results showed a disconnect between confidence and actual skill, as the majority of participants were not only susceptible to attacks but also overconfident in their ability to protect themselves," says Hong. Although 89% of the participants indicted they were confident in their ability to identify malicious e-mails, 92% of them misclassified phishing e-mails. Almost 52% in the study misclassified more than half the phishing e-mails, and 54% deleted at least one authentic e-mail.

Gender, trust, and personality were correlated with phishing . Women were less likely than men to correctly label phishing e-mails, and subjects who self-reported as "less trusting, introverts, or less open to new experiences" were more likely to delete legitimate e-mails.

Hong will continue to develop a user profile that can predict when and with whom phishing attacks are likely to be successful. Information gained in these studies will be used to design effective tools to prevent and combat phishing .

Explore further: Official-looking e-mails claiming to be from IRS are fraudulent

Related Stories

Hackers turn PlayStation into pay station

May 10, 2011

In late April, a hacker crippled Sony’s PlayStation Network by stealing the names, home addresses and perhaps even the credit card numbers of some 70 million subscribers, who play and download games through the online ...

Google finds hack attempts on eve of Iran election

June 13, 2013

(AP)—Google says it has discovered and stopped a series of attempts to hack the accounts of tens of thousands of Iranian users in an effort the company believes is an attempt to influence the country's upcoming election.

'Phishing' scams explode worldwide, researchers shows

June 21, 2013

Those insidious email scams known as phishing, in which a hacker uses a disguised address to get an Internet user to install malware, rose 87 percent worldwide in the past year, a security firm said Friday.

Recommended for you

Smart home heating and cooling

August 28, 2015

Smart temperature-control devices—such as thermostats that learn and adjust to pre-programmed temperatures—are poised to increase comfort and save energy in homes.

Smallest 3-D camera offers brain surgery innovation

August 28, 2015

To operate on the brain, doctors need to see fine details on a small scale. A tiny camera that could produce 3-D images from inside the brain would help surgeons see more intricacies of the tissue they are handling and lead ...

Team creates functional ultrathin solar cells

August 27, 2015

(Phys.org)—A team of researchers with Johannes Kepler University Linz in Austria has developed an ultrathin solar cell for use in lightweight and flexible applications. In their paper published in the journal Nature Materials, ...

Interactive tool lifts veil on the cost of nuclear energy

August 24, 2015

Despite the ever-changing landscape of energy economics, subject to the influence of new technologies and geopolitics, a new tool promises to root discussions about the cost of nuclear energy in hard evidence rather than ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.