ACADEMIC ARTICLE SUMMARY
Who Falls for Phish? A Demographic Analysis of Phishing
Article Source: ACM Conference on Human Factors in Computing Systems (CHI 2010), 2010
Publication Date:
Time to Read: 2 minute read
ARTICLE SUMMARY
This paper presents research on how gender, age, and availability of educational materials affect responses to phishing.
POLICY RELEVANCE
Educating users about the potential risk of phishing attacks is one way to lower the risk of users unintentionally disclosing private information on the internet.
KEY TAKEAWAYS
- Phishing is a process in which scammers send emails and other messages to individuals in order to con them into providing their login credentials and personal information.
- Research shows that people are vulnerable to phishing for several reasons:
  - People tend to judge a website’s legitimacy by its “look and feel,” which attackers can easily replicate.
  - Many users do not understand or trust the security indicators in web browsers.
  - Awareness of phishing does not reduce a consumer’s vulnerability.
  - The perceived consequences of phishing do not predict users’ behavior.
- Here, subjects were recruited to take a test that analyzed their susceptibility to phishing before and after an educational training session.
- The study suggested that some demographics are more vulnerable to phishing than others.
  - Women appear to be more susceptible than men to phishing.
  - People between the ages of 18 and 25 are more susceptible than other age groups.
- Following phishing education there was a forty percent drop in susceptibility. However, some training material decreased users’ tendency to click on legitimate links as well as phishing links.
- Proper phishing education is a necessary step in helping to protect users, but even educated users fell for twenty-eight percent of phishing messages, indicating that education alone is not enough. Furthermore, educational materials must be carefully structured so that they do not deter users from clicking on legitimate links out of fear.