Study looks at who gets phished by Internet scammers

Everyone is susceptible to a phishing attempt, says Teju Herath, shown here with a warning from Brock's ITS department about giving out user names and passwords.

Being technologically savvy does not mean you are safe from email phishing attempts. In fact, the more active someone is online, the more likely they are to be targeted.

Those are the findings of a recent study conducted by Teju Herath, an assistant professor of Information Systems at Brock, as part of a team at the University at Buffalo (UB). The soon-to-be-published study found that the more email and online relationships you have, the more likely you are to receive a phishing attack.

The team looked at a phishing attempt targeted at UB staff and students, some of whom handed over their user names and passwords. They found that the more active someone is in cyberspace, the more phishing attempts they’ll receive, and the more email they get, the more likely they are to respond hurriedly and hand over personal information.

“Spam blockers are imperative to reduce the number of unnecessary emails individuals receive that could potentially clutter their information processing and judgment,” Herath said.

Phishing is particularly successful when the email appears to come from a relevant organization, such as the recipient’s bank or the administration where the recipient works. The only real cure is awareness and keeping users mindful, Herath said.

“Phishing awareness plays an important role,” she said. “Just because we have a high skill set in using the technology doesn’t mean we’re safe.”

Phishing is a process where emails appear to come from credible businesses – such as banks, charities or email providers – asking for the recipient’s personal information like usernames, passwords, bank account information or credit card details. The information is then used for nefarious purposes.

In addition to Herath, the research team included Arun Vishwanath and H. Raghav Rao from UB; Rui Chen from Ball State University; and Jingguo Wang from the University of Texas. Their findings will be published in the journal Decision Support Systems.

The study also recommends using different email accounts for personal and business use.

Phishing attempts only net information from three to five per cent of the users, Herath said. But that’s enough to do damage.

“If three per cent of account holders give out their information, that can have a large impact on an organization,” she said.

Posted on April 13, 2011
