Most people believe they are smarter than the criminals behind phishing e-mails, which is why so many fall easily into a trap and lose money, scientists, including one of Indian origin, have found.
A new study by H R Rao and colleagues from the University of Texas at San Antonio (UTSA) in the US examines overconfidence in detecting phishing e-mails.
“A big advantage for phishers is self efficacy. Many times, people think they know more than they actually do and are smarter than someone trying to pull off a scam via an e-mail,” said Rao.
However, phishing has continued to evolve with the Internet. Phishing e-mails often look like messages from companies ordinary people recognise and trust. “They are getting very good at mimicking the logos of popular companies,” Rao said. “In any of these situations, overconfidence is always a killer,” he said.
Rao’s study utilised an experimental survey that had subjects choose between the genuine and the sinister e-mails that he and his colleagues had created for the project. Afterward, the subjects explained why they made their choices, which allowed Rao to classify which type of overconfidence was playing a role in their decision-making processes.
“Our study’s focus on different types of over-confidence is unique and allows us to understand why certain tactics appeal to different people,” Rao said. “It helps us to figure out ways to teach people to guard against these kinds of methods,” he said.
According to Rao, people will continue to be victimised by phishing scams until the public becomes better educated and, subsequently, less overconfident. He suggested citizen workshops or even an online game that would inform people of the newer every day dangers of the Internet.
“Thousands of e-mails are sent out every day with the aim of harming someone or gaining access to their financial information. Avoiding that kind of damage is entirely in our own hands,” Rao said.
The study appears in the Journal of the Association for Information Systems.