The Psychology of Phishing Attacks
For National Cybersecurity Awareness Month (NCSAM), we teamed up with Wakefield Research and a Carnegie Mellon research professor to dig into why phishing attacks are so successful. Results from 4,000 individuals revealed intriguing (and worrisome) findings about why we click the things we do.
Email Overload!
It only takes one wrong click to fall for a phishing attack, and many of us have plenty of chances to take the bait. Nevertheless, we tend to be confident that we can spot the difference between a phishing email and a legitimate one. And our overconfidence has consequences.
74% of Americans get over 15 emails per day
86% think they can pick out a phishing email
But We Still Get It Wrong
Despite our self-confidence, we still fall for phishing attacks hook, line, and sinker. Americans click on phishing links more than email users in other regions, and 1 in 3 fail to change passwords even after a breach has been discovered.
76% know they have received a phishing email
62% have had personal information compromised
Why Phishing Attacks Work
In “Hook, Line, and Sinker: Why Phishing Attacks Work,” researchers and academics helped us understand some of the factors that contribute to the success of phishing attacks. Carnegie Mellon research professor Cleotilde Gonzalez says it comes down to urgency, familiarity, and context.
“If you already expect to receive emails from your boss at your office (context and familiarity), and you are accustomed to messages that request quick action (urgency), then you are likely to assume the message is real. It might never occur to you to suspect that it could be phishing.”
– Cleotilde Gonzalez, Ph.D., Research Professor, Carnegie Mellon