Roughly half of people who receive messages from strangers click on foreign links even though a large majority know of the inherent risks.
Security researchers at a German university conducted a test on 1,700 test subjects, and the results revealed that people were very willing to open Uniform Resource Locators (URLs) from email addresses or Facebook accounts they are unfamiliar with.
The first trial included messages with the recipient first name, and the second did not contain any personal names.
The first phase of testing yielded clicks from 56 percent of email targets and 38 percent of the Facebook message recipients. Conversely, only 20 percent of email recipients in the second experiment clicked on the links, but “the percentage of Facebook users who did so went up to 42 percent.”
“The overall results surprised us as 78 percent of participants stated in the questionnaire that they were aware of the risks of unknown links,” explains Dr. Zinaida Benenson of Friedrich-Alexander University in Erlangen-Nuremberg who led the study.
In total (both Facebook and email testing), around 20 and 16 percent of people from the two trials said they clicked on the link, but after the researchers analyzed the actual clicks, results revealed that 45 and 25 percent of the subjects respectively had selected to open the URLs.
The majority of the test subjects who clicked on the URLs said their decision was based on curiosity. According to the study’s published findings, many people said that the email address contained a name of someone they knew. Some even justified their careless actions by explaining that they “had been to a party the previous week where there were people they did not know.”
Unlike traditional “phishing,” which has been around since the invention of email and involves attackers indiscriminately sending out malicious messages to as many people as possible, “spear phishing” is a relatively new phenomenon.
Hackers and fraudsters, often looking for ways to cheat people out of money, use this tactic in which an email is likely to appear from an individual or business that the recipient knows. Spear Phishing is a ploy that has become wildly popular for cybercriminals in recent years.
While standard phishing decreased from 300 billion messages per day to 40 billion between 2010 and 2011, the InfoSec Institute reports that in the same time period, “spear phishing grew by 300% and for a good reason: a spear phishing campaign is calculated to provide ten times the ROI [return of investment] compared to mass phishing attempts.”
Victims open spear phishing emails in 70 percent of cases and normal mass spam emails are opened at a rate of 3 percent, according to the InfoSec Institute’s “A Brief History of Spear Phishing.”
Many people are presumably fully aware that it is not prudent or advisable to click on strange links from unfamiliar email addresses.
“But what conclusions can be drawn from the experiment? ‘I think that, with careful planning and execution, anyone can be made to click on this type of link, even it’s just out of curiosity,” Benenson says. “I don’t think one hundred percent security is possible. Nevertheless, further research is required to develop ways of making users, such as employees in companies, more aware of such attacks.”
Send tips to [email protected].
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact [email protected].