Not so fast! Research shows we’re overconfident at spotting phishing emails

Think you know a phishing email when you see one? Not so fast. Most people are overconfident when it comes to identifying potentially dangerous emails and often get it wrong.

According to new research from the University of Texas at Arlington, our judgmental confidence exceeds our actual performance in decision making when identifying a malicious email. As a result, we're more at risk of a breach than ever, even when we think we're safe.

The study, "Overconfidence in Phishing Email Detection," was published recently in the Journal of the Association for Information Systems.

About 600 people took part in the experiment to see if they could recognize phishing emails. Each participant was shown 18 emails from banks like Bank of America and Chase. About half of them were legitimate emails from those banks. The other half were phishing emails purporting to be from these companies.

Simple things like being familiar with the business sending the email increased overconfidence, while placing greater cognitive effort into examining these emails can decrease it. That may be easier said than done, though.

“We found out that many people are overconfident. In other words, a lot of people thought they had made correct judgment on an email, yet they did not. Their confidence is a poor indicator for their actual performance,” said co-author Jinggou Wang. “Therefore, one suggestion from the study is that following one’s confidence on judgment to take subsequent actions on an email may not be recommended.”

The study proves that phishing, although a classic method of infiltration, is still an effective way to dupe people. We deal with so many messages daily that it’s easy to fall for the scams at least half of the time.

Wang is currently in the middle of further research into phishing that looks at how users respond to phishing emails when they discover them. “They might just decide to delete everything, which isn’t effective or worthwhile,” he said.

The researchers believe that analyzing how people identify and react to phishing emails will help businesses and users alike get better at reducing the number of malicious emails sent and received.

Jonathan Keane
Former Digital Trends Contributor