Too Smart to Fall for a Phishing Ruse? Think Again!

Ever wonder how stupid or careless someone has to be to be fooled by a phishing scam? Well, according to research conducted by a group of German experts, virtually anyone can be fooled.

In their study, “Unpacking Spear Phishing Susceptibility,” the researchers showed that although email phishing scams get more publicity, Facebook scams would appear to be more effective.

“By a careful design and timing of a message, it should be possible to make virtually any person click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message’s content and context.”

The Goal of the Study

The researchers, sensing there was a dearth of research related specifically to spear phishing, decided to create a study that would fill the gap. They constructed a study that would explore the differences in delivery medium effectiveness (Facebook vs. email) while at the same time quantifying the personal motivations that led to people either clicking on the phishing link or, just as importantly, not clicking on the link.

The Phishing Scam

The selected participants were sent a phishing link either as part of an email or a personal Facebook message from a fake, non-existent person. The message claimed the link led to pictures from a party.

Facebook Gets 2X Clickthrough Rate

As Table 2 shows, when the same phishing message is presented via Facebook as compared to email, individuals are over 2X more likely to click on the link and begin the phishing process.

Source: Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universitat, Freya Gassmann, Universitat des Saarlandes

 

Why Did They Click?

Source: Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universitat, Freya Gassmann, Universitat des Saarlandes

Why Didn’t They Click?

Just as important to the researchers was attempting to understand why people didn’t click. Here is what they found.

Source: Zinaida Benenson, Robert Landwirth, Friedrich-Alexander-Universitat, Freya Gassmann, Universitat des Saarlandes

How Can Konsultek Help?

Whenever humans are involved, there are going to be errors in judgement and successful phishing. That’s why all of our custom security solutions take a holistic approach to network security using a proven model of intrusion prevention, detection and mitigation. When you are ready to take your network security to the next level, give us a call.

 

© Copyright 2018 Konsultek