By now most of us can sniff out blatant spam. Nigerian princes are never going to wire transfer anyone real money, and our friends are never going to start sending us suspiciously generic weight loss links on Twitter and Facebook.
But sometimes it gets confusing. I spent about 20 minutes last week trying to figure out whether I’d get a computer virus from watching that twerking girl who set herself on fire. (No virus, but I did lose a decent amount of self-respect!)
So yes, some spammer tactics can fool even the most tech-savvy Internet users. And some people are more susceptible than others to these attacks. Researchers from the Polytechnic Institute of New York University looked into the psychology behind clicking on bad links to find out why some people just can’t resist phishing attacks.
Their research indicates that certain personality types are more vulnerable to phishing attacks. They used the “big five” personality framework in their assessment, taking a look at neuroticism, extroversion, openness, agreeableness, and conscientiousness as potential factors. The researchers hope that they can help develop customized security measures for personality types more likely to succumb to online attacks.
People who participated in the study took a questionnaire to determine where they fell on the personality spectrum. In addition to the standard test administered to delve into these personality categories, the researchers added some questions that would gauge how often people used the Internet and how preoccupied with Internet culture they were. The test subjects also filled out a questionnaire about their Facebook habits and how they assess risk involved with sharing information online.
Then the researchers started getting tricky. They sent each person participating in the study an identical spam email promising a free Apple computer. They included a few classic phishing tip-offs to give the subjects chances to identify the email as suspicious — there were spelling mistakes, the link text didn’t match the link address, and a number of other problems. The students who clicked on the link were directed to a screen and asked to log in. Those who did were considered phished.
And 17 percent of the test subjects were phished, a high number considering the test subjects were all university students who grew up using e-mail.
There was one stark, sad predictor when it came to who got phished: While 14 percent of the male test subjects clicked on the log-in link, more than half of the women were gullible enough to click on the link — 53 percent of the female participants did. The women who clicked on the links tended to have neuroticism as a primary personality category, while the men who clicked on it were more of a mixed group, without any one personality trait more likely to fall for the trick than any other.
So the research reveals the group of people most likely to click on link-bait — neurotic women — but the researchers also looked at whether they could predict the likelihood of people clicking on phishing links based on their Facebook activity.
Their test found a link between Facebook use and phishing susceptibility: “This result points to the fact that there is a correlation between Facebook activity and phishing response. This indicates that being more active in online social networks may cause higher susceptibility to such attacks. Therefore, people who feel more comfortable with online communication and expressing themselves online may also be more likely to respond to phishing emails,” the researchers wrote.
This might be counter-intuitive, since one might assume that people who spend more time online would be better at detecting spam, but they’re not — and even people who said that they were highly concerned that their passwords would be stolen were just as likely to take the bait as people who were not concerned.
The conclusion focused on how women with neurosis are most likely to fall victim to phishing schemes involving prizes, and that people who engage on Facebook more regularly are more vulnerable to security attacks because they often have less restrictive privacy settings. It should be mentioned that women are also the highest users of Facebook, so there’s a correlation there.
The researchers recommended that future work focus on different types of email. It will be interesting to see if Google’s decision to split email into tabs will have an impact on the frequency of spamming, since many of the messages that would’ve sneaked through may be relegated to the promotions tab or stuck in the spam folder, while people who use other services may have a much higher chance of seeing spam in the first place.