How user curiosity helps scammers reach their goal

Curiosity killed the cat. Pretty soon, it will probably kill your internet-connected devices too. In spite of researchers’ constant warnings about online risks and vulnerabilities, users are still careless in their daily activity.

One in two users still clicks suspicious links from unknown senders, according to a study by Germany’s Friedrich-Alexander University (FAU). This reckless attitude exposes them to a number of attacks, phishing scams being the most popular. Through phishing attacks, hackers steal financial information and login credentials, and also launch other scam campaigns through that user’s computer.

Ironically, some users still can’t tell the difference between a scam and the real deal, so Dr. Zinaida Benenson from FAU’s Chair of Computer Science 1 ran two tests on 1,700 FAU students to see which scam campaign proved more effective and why. Before the tests, respondents were asked to rate their knowledge of online security and risks.

The first test consisted of sending e-mails and Facebook messages under fake names, addressing the recipients personally using the 10 most common names. The link inserted in the body promised to take the users to pictures from a party. When clicked, the user received an ‘access denied’ page. While not as personal as the first test, the second also sent out e-mails and Facebook messages. The difference was in the details; this time the information about the party was more detailed and the Facebook profiles had minimal information, photos and a public timeline.

Out of curiosity, “up to 56 percent of e-mail recipients and around 40 percent of Facebook users clicked on a link from an unknown sender although they knew of the risks of their computer becoming infected with a virus,” the research found.

“The overall results surprised us as 78 percent of participants stated in the questionnaire that they were aware of the risks of unknown links,” Dr. Benenson says. “And only 20 percent from the first study and 16 percent from the second study said that they had clicked on the link. However, when we evaluated the real clicks, we found that 45 and 25 percent respectively had clicked on the links.”

When confronted with the results, the students admitted that curiosity about the party and pictures played an important role in the outcome of the tests, although in some cases they didn’t know the sender’s name or which party the message was referring to. Consequently, FAU researchers feel everyone is exposed to scams, regardless of how many online security trainings they attend, which in their opinion makes 100 percent security a utopia.
