Skip to main content

Not so fast! Research shows we’re overconfident at spotting phishing emails

A hand on a laptop in a dark surrounding.
Image used with permission by copyright holder
Think you know a phishing email when you see one? Not so fast. Most people are overconfident when it comes to identifying potentially dangerous emails and often get it wrong.

According to new research from the University of Texas at Arlington, our judgmental confidence exceeds our actual performance in decision making when identifying a malicious email. As a result, we’re even more at risk of breach than ever, even when we think we’re safe.

Recommended Videos

Overconfidence in Phishing Email Detection was published recently in the Journal of the Association for Information Systems.

In the study, about 600 people took part in the experiment to see if they could recognize phishing emails. Each participant was shown 18 emails from banks like Bank of America and Chase. About half of them were legitimate emails from those banks. The other half were phishing emails purporting to be from these companies.

Simple things like being familiar with the business sending the email increased overconfidence and by placing a greater cognitive effort into examining these emails can decrease this overconfidence. That may be easier said than done, though.

“We found out that many people are overconfident. In other words, a lot of people thought they had made correct judgment on an email, yet they did not. Their confidence is a poor indicator for their actual performance,” said co-author Jinggou Wang. “Therefore, one suggestion from the study is that following one’s confidence on judgment to take subsequent actions on an email may not be recommended.”

The study proves that phishing, although a classic method of infiltration, is still an effective way to dupe people. We deal with so many messages daily that it’s easy to fall for the scams at least half of the time.

Wang is currently in the middle of further research into phishing that looks at how users respond to phishing emails when they discover them. “They might just decide to delete everything, which isn’t effective or worthwhile,” he said.

The researchers believe that by analyzing how people identify and react to phishing emails will help businesses and users alike get better at reducing the amount of malicious emails sent and received.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Just buy a new laptop? Here’s how to know if you should return it
An Apple MacBook Pro 14 sits open on a table.

So, you just bought a shiny new laptop and pulled it out of its box. You're dying to fire it up and start playing around with it -- I still have that feeling even after unboxing over 200 different machines. Each one is new and different, and that appeals to the part of our brains that craves novelty.

But there's no worse feeling than realizing there's a problem with it after your return period ends. There's no good reason to hold on to a machine with a significant flaw when a simple return is available, so here are a few things to look for that can help you avoid getting stuck with a lemon or spending hours dealing with warranty support.

Read more
How to take a screenshot on a Windows PC or laptop
Dell XPS 15 OLED laptop sitting on a small table.

Screenshots are incredibly helpful for capturing images on your desktop, but the method for taking one on a Windows laptop or PC may not be immediately obvious if you haven't done it before.

Read more
Leaked MSI presentation shows that Ryzen 9000X3D may fail to impress
AMD Ryzen 7 7800X3D sitting on a motherboard.

AMD's 3D V-Cache CPUs have been atop the list of the best gaming processors ever since the 5800X3D launched in 2022. It's no wonder that many gamers are anticipating the 9000X3D lineup, especially because the non-3D Zen 5 failed to move the needle in gaming scenarios. However, according to a new leak from a surprising source, we might not see much of a change going from the 7000X3D to the 9000X3D.

The information comes from a leaked MSI presentation that was reportedly posted by HardwareLuxx following a tour of the MSI factory. The slides appear to have been taken down, but other sources, such as VideoCardz, preserved them for all of us to see. Keep in mind that even though these look like they contain official MSI data, nothing is confirmed until the processors are out and being tested by reviewers.

Read more