Phishers rely on overconfidence, study shows


Friday, 13 January, 2017

Many people believe they are smarter than the criminals behind phishing schemes, and are consequently caught out by them, research shows.

The study by HR Rao, AT&T Distinguished Chair in Infrastructure Assurance and Security at The University of Texas at San Antonio (UTSA), primarily examines overconfidence in detecting phishing emails.

Phishers have become skilled at deceiving people, with emails often appearing to come from well-known companies that are largely trusted by consumers.

"They're getting very good at mimicking the logos of popular companies," Rao said.

"A big advantage for phishers is self-efficacy. Many times, people think they know more than they actually do, and are smarter than someone trying to pull off a scam via an email."

The study focuses on different types of overconfidence, attempting to understand why certain tactics appeal to different people.

It utilised an experimental survey that asked subjects to choose between the genuine and the sinister emails that Rao and his colleagues had created for the project. Afterward, the subjects explained why they made their choices, which allowed Rao to classify which type of overconfidence was playing a role in their decision-making processes.

It is hoped that this classification will help identify ways to teach people to guard against the various methods used in phishing attacks.

Rao himself was nearly caught up in a phishing scam in 2016, when an email that appeared to be from UPS informed him that there was a problem with a package he had sent. Even Rao, a highly experienced cybersecurity researcher, nearly fell for the scam, as he happened to have recently mailed a package via UPS.

"In any of these situations, overconfidence is always a killer," he said.

"Thousands of emails are sent out every day with the aim of harming someone or gaining access to their financial information. Avoiding that kind of damage is entirely in our own hands."

Rao believes that people will continue to be victimised by phishing scams until the public becomes better educated and, subsequently, less overconfident. He has suggested citizen workshops or even an online game that would inform people of the newer everyday dangers of the internet.

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd