3 Signs You're Phishing Bait

Published: 22/11/2024   Category: security




Beware, introverts and overconfident people. Phishers love to fool you, email security researchers say.



Are you overconfident, introverted or female? Then you might be more susceptible to phishing attacks, in which emails with malicious links or attachments are disguised to make them appear to be legitimate.
Those findings come from "Keeping Up With the Joneses: Assessing Phishing Susceptibility in an E-mail Task," a research paper that's due to be presented at the International Human Factors and Ergonomics Society Annual Meeting next month. The study, which was authored by five researchers at North Carolina State University (NC State), is part of a phishing-defense research project funded by the National Security Agency.
For the study, the NC State researchers combined personality assessments with tests of students' ability to correctly classify emails as being legitimate or suspicious in targeting for deletion. They also assessed people's ability to mark as important emails that required responses or follow-on actions.
"The results showed a disconnect between confidence and actual skill, as the majority of participants were not only susceptible to attacks but also overconfident in their ability to protect themselves," said Kyung Wha Hong, the lead author of the paper, in a statement. Notably, 89% of the study participants said they were skilled at recognizing malicious emails, but researchers saw 92% of participants misclassify at least some phishing emails. Furthermore, 52% of participants misclassified over half of the phishing emails, and half of participants deleted at least one legitimate email, believing it to be malicious. All told, only 2% of participants managed to not mishandle either phishing or legitimate communications.
Thus the "Joneses" research paper's conclusion: gender, dispositional trust, and personality appear to be associated with the ability to correctly categorize emails as either legitimate or phishing.
Paper co-author Christopher B. Mayhorn, an NC State psychology professor, said the dispositional trust finding -- which refers to people's self-assessment of their own expertise -- wasn't a surprise, but that the personality results were. He said the verdict's still out on whether women are more likely phishing victims than men, owing to the groups of students involved having hailed only from the university's psychology and computer science (CS) departments. "I am cautious about making too much of the gender difference because we also found that there were differences between computer science and psychology students in terms of phishing susceptibility," he said, noting that most psychology students were female and most of the CS students were male. In other words, CS students in general, thanks to their computing expertise -- relative to the rest of society -- might be better at avoiding phishing attacks.
Going forward, the researchers plan to expand their research beyond the tested students -- who were all aged 18 and 27 -- to cover professionals in the workplace. They have already conducted related studies of employees of an unnamed government agency, although they have yet to analyze the results.
How might these findings be applied? Hong's academic profile notes that the goal of the phishing research project is to develop better phishing susceptibility profiles and anti-phishing tools.
"Many of the anti-phishing tools that are currently available are not based on research with human users, so we think we can do better in developing an effective tool that can be personalized to meet the needs of individual users," said Mayhorn. Such a training tool might require users to respond to a short survey taking 15 minutes or less that gauges their phishing awareness. Another option might be a system along the lines of Amazon.com's artificial intelligence predictive buying algorithms, only tailored to assess what types of risky behaviors people might exhibit as they handle their email.
Either approach would allow a training tool to build a better profile of individual users and target any risky behavior. "If one person is susceptible due to trust-based issues, but another is susceptible due to attacks that cater to their personality traits, it would be useful to have systems that can address specific needs -- not one size fits all systems ... that attempt to address everything, which may not be necessary," said Mayhorn.
Some information security experts, however, have argued that in general, attempting to train users in security is a waste of time. But given the quantity and severity of phishing attacks -- now a favored tool of today's advanced persistent threat (APT) attackers -- as well as the inability of security tools to block all phishing attacks, might not related training be a necessity?
Mayhorn argued that training and technological defenses must supplement each other. "Unfortunately, technological approaches will not always be responsive to new threats," he said. "Cyber-criminals will continue to come up with new ways to attack and security measures will always be reactive rather than proactive. As long as there is a human in the loop, there is always going to be the potential for security breaches so we need to use both approaches -- training and security approaches -- to combat efforts to exploit computer systems."
