Phishers rely on overconfidence, study shows
Many people believe they are smarter than the criminals behind phishing schemes, and are consequently caught out by them, research shows.
The study by HR Rao, AT&T Distinguished Chair in Infrastructure Assurance and Security at The University of Texas at San Antonio (UTSA), primarily examines overconfidence in detecting phishing emails.
Phishers have become skilled at deceiving people, with emails often appearing to come from well-known companies that are largely trusted by consumers.
"They're getting very good at mimicking the logos of popular companies," Rao said.
"A big advantage for phishers is self-efficacy. Many times, people think they know more than they actually do, and are smarter than someone trying to pull off a scam via an email."
The study focuses on different types of overconfidence, attempting to understand why certain tactics appeal to different people.
It utilised an experimental survey that asked subjects to choose between the genuine and the sinister emails that Rao and his colleagues had created for the project. Afterward, the subjects explained why they made their choices, which allowed Rao to classify which type of overconfidence was playing a role in their decision-making processes.
It is hoped that this will help to figure out ways to teach people to guard against the various methods used in phishing attacks.
Rao himself was nearly caught up in a phishing scam in 2016, when an email that appeared to be from UPS informed him that there was a problem with a package he had sent. Even Rao, a highly experienced cybersecurity researcher, nearly fell for the scam, as he happened to have recently mailed a package via UPS.
"In any of these situations, overconfidence is always a killer," he said.
"Thousands of emails are sent out every day with the aim of harming someone or gaining access to their financial information. Avoiding that kind of damage is entirely in our own hands."
Rao believes that people will continue to be victimised by phishing scams until the public becomes better educated and, subsequently, less overconfident. He has suggested citizen workshops or even an online game that would inform people of the newer everyday dangers of the internet.
CrowdStrike to buy Adaptive Shield
CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...
LockBit named nastiest malware of 2024
LockBit, a ransomware malware known to have been used to attack Australian targets, has been...
Extreme Networks launches ZTNA solution
Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...