Heavy Email Users More Susceptible to Phishing Scams
Written by Paul Mah on April 14, 2011
A new study titled “Why do people get phished?”, scheduled for publication in the journal Decision Support Systems and Electronic Commerce, offers a new, in-depth exploration of the reasons why people fall prey to phishing scams. The academically inclined will want to download the full 27-page paper from this page, or review the executive summary at physorg.com.
To help those who are more pressed for time, I dissected part of the report and highlighted some pointers and suggestions on how spam administrators and IT managers can better protect their users.
The problem of heavy email load
What is interesting is the finding that a person’s individual competency with computers did not necessarily protect them from scams. On the contrary, the report noted that “Our findings suggest that habitual patterns of media use combined with high levels of email load have a strong and significant influence on individuals’ likelihood to be phished.” In a nutshell: Heavy email users have a greater likelihood of being scammed into giving away their personal particulars.
There appear to be multiple variables at play here, one of which is the dearth of time available to respond to an email. As noted above, this situation is often exacerbated by a heavy email load. As a result, less attention is paid to important details such as the source of the email, its grammar and spelling, and the use of title and subject. This is complicated by the fact that spammers typically incorporate what the researchers call “urgency cues” to push for immediate reactions; these cues include statements that invoke emotions such as fear, threat, excitement, or urgency.
Moreover, I can imagine that this situation isn’t helped by the popularity of accessing emails on smartphones and tablet devices. While there is no detriment in accessing emails with portable devices by itself, details such as source address and other red flags used to identify phishing attempts might not be as readily accessed and validated on certain platforms. In addition, the above-mentioned devices tend to encourage access in time-limited windows, further occluding judgment.
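The details the study says hurried readers skip (the real source address, a reply address on a different domain, urgency wording in the subject and body) can be checked mechanically before a message reaches the inbox. The Python below is an added example, not code from this article or from the study; the phrase lists, the `review_message` helper and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed phrase lists for the cue types the study names (an assumption).
URGENCY_CUES = {
    "fear": ["suspended", "locked", "unauthorized"],
    "threat": ["will be closed", "legal action", "final notice"],
    "excitement": ["you have won", "prize", "reward"],
    "urgency": ["immediately", "within 24 hours", "urgent", "act now"],
}

# Constructed sample message; all names and domains are placeholders.
SAMPLE = """\
From: "Example Bank Security" <notice@example-alerts.test>
Reply-To: help@collector.test
Subject: URGENT: your account will be closed

Your account has been suspended. Verify your details immediately
or it will be closed within 24 hours.
"""

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def _text(msg):
    """Join the subject and every text/plain part, whitespace-normalised."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(" ".join(chunks).lower().split())

def review_message(raw):
    """Surface the real sender and the cues a hurried reader tends to skip."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    text = _text(msg)
    cues = {}
    for kind, phrases in URGENCY_CUES.items():
        hits = [p for p in phrases if re.search(r"\b" + re.escape(p) + r"\b", text)]
        if hits:
            cues[kind] = hits
    return {
        "sender": sender,
        "reply_to_mismatch": bool(reply_to) and _domain(reply_to) != _domain(sender),
        "cues": cues,
    }

if __name__ == "__main__":
    print(review_message(SAMPLE))
```

The returned `sender` is the address itself rather than the display name, which is the detail a small-screen mail client is most likely to hide.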
So what are some measures or practices that users can adopt to better protect themselves?
Be up-to-date on new phishing schemes
While computer literacy doesn’t protect users from phishing scams, the study does find that awareness about phishing in conjunction with healthy email habits does play a part in avoiding online deception. What is clear is that merely reiterating a list of “best practices” is no substitute for regular updates and news of the latest phishing scams – even if the users are computer experts. To this end, we are proud to say that this is one of our objectives here on AllSpammedUp.com.
Separate work and personal emails
Separating work and personal emails was mooted by one of the researchers, Arun “Vish” Vishwanath, who is an associate professor in the Department of Communication at the University at Buffalo. This should be a fairly easy practice to adopt, given the availability of reliable and free email hosts. Furthermore, Vishwanath also suggested using different email accounts for different purposes, which can be implemented via the use of aliases or disposable email addresses. I must confess I am not sure if such advice is still relevant though, given the seemingly increasing security breaches at email outsourcing providers. In that vein, colleague Ed Fisher did write previously on a number of services that offer disposable email addresses.
Make use of a good spam filter
Finally, I think page 23 of the report offers the most compelling argument for my last recommendation for today. The report noted that “Habitual patterns of media use, in the presence of high levels of email load, tend to trigger automatic responses to relevant looking emails.” Be it due to fatigue, or related to how humans are programmed, the fact is that users are simply more vulnerable to scams after exposure to a high volume of emails. This is unfortunately a somewhat unavoidable situation for most office workers today, and effectively trashes most arguments against investing in a spam filter.
Businesses tempted to save some dollars in the fallacious belief that staffers are sufficiently intelligent to tell the scams from the real McCoy are being penny wise but pound foolish. Investing in a good spam filter, on the other hand, will see to it that inboxes are less cluttered up, which reduces the chance of a deception succeeding.
Are you a heavy email user? Feel free to chip in with any suggestions and comments below.





People who have reliably full or active inboxes make a point to reach a certain watermark of read vs. unread emails, in my experience. That means less time reading and analyzing emails and more time spent responding and opening. When it becomes a mechanical reflex instead of a thoughtful task. I think heavy email users who are not dealing with time-sensitive responses may be a fringe group less susceptible to scams.
As a heavy email user myself, I received tons of phishing scams every day. It’s not the number of emails you receive a day that determines whether or not you are scam-prone. For me, it’s how knowledgeable you are about scams.
Older people are common victims of phishing and other forms of online scams because most of them are not well-informed about how computers and the Internet work, which makes them more gullible.