The use of information-rich phishing scams can alter recipients' cognitive processes, making them more likely to fall victim to the emails, according to a study led by University at Buffalo professor Arun Vishwanath.
The study involved 125 undergraduate university students who received an experimental phishing email from a Gmail account prepared for use in the study. The message's reply-to address and sender's address both included the name of the university. The email emphasized urgency and fear by saying there was an error in the recipient's email account settings that required them to use an enclosed link to access their settings in order to resolve the problem. The recipient had to do so within a short time period or they would no longer have access to the account. Vishwanath says 49 participants replied to the phishing request immediately and another 36 replied after a reminder. The phishing attack had an overall success rate of 68 percent.
Vishwanath says information-rich emails include graphics, logos, and other brand markers that suggest authenticity and also create a feeling of social presence. He notes such social presence makes a message appear more personal and curbs distrust, while also encouraging "heuristic processing, marked by less care in evaluating and responding to it."
From University at Buffalo News
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA