Phishers are using your nonstop Internet usage to reel you in.
Communication researchers at UB and three other major research universities have determined that the more visible your web persona, the more susceptible you are to email phishing scams. Those who receive a lot of email, actively respond to most of it, complete many online transactions, and are otherwise immersed in online communication culture, are most vulnerable.
"Phishing" is a scamming technique in which users receive urgent emails from an outside party claiming to be a trustworthy entity, such as a bank or government institution, and are lured to outside websites that look and feel like the original. Phishing can lead to identity theft if recipients, in turn, surrender passwords, account numbers, and credit card information.
"The heart of any communication is trust and phishing erodes the trust of consumers in the system," said Arun Vishwanath, associate professor in the department of communication and one of the study's leading researchers.
The researchers used empirical data drawn from a sample of college students to determine what factors explain vulnerability. Results indicate that people respond to phishing emails emotionally because they are influenced by simple messages of urgency, fear, or excitement embedded in the email.
Vishwanath attributed most phishing success to preoccupation: it is often difficult for inattentive consumers to identify potentially dangerous emails because they do not take the time to verify the sources of their emails.
"What we're doing is not paying attention," Vishwanath said. "We think we're so much smarter and so much better because we grew up with [technology], but experience with technology does not protect you from phishing. It's an equal opportunity attack."
H. Raghav Rao, Ph.D., a professor in the department of management science and systems and participating researcher, said that consumers should be wary of errors in seemingly legitimate emails; most phishing messages contain factual or structural mistakes.
"[The study] suggests that in the presence of a relevant email, individuals focus disproportionately on urgency cues, often ignoring other elements of the email such as its source and the grammar and spelling used in the email," Rao said.
Vishwanath recommends consumers become proactive to combat phishing.
If email users reduce inbox clutter by using spam blockers, they can be more focused on weeding out harmful messages, according to Vishwanath. Similarly, people should always maintain more than one email account and set up specific times to respond to emails rather than responding to them as they filter in.
"If you [receive] all emails in one account, you're in trouble. It's easy for a phisher to trap you," Vishwanath said.
By linking online activity to separate accounts rather than only one, it is more difficult for phishers to determine usage patterns.
"These days it is important to be on guard. And, fundamentally, never give away personal and private information unless you are really, really sure of who is at the other end," Rao said.
Awareness and knowledge about how phishing works will protect consumers, according to the findings.
"The main things are managing your email correctly, watching your email habits, and most of all, paying attention," Vishwanath said.
Vishwanath believes that everyone, not just college students, is susceptible to phishing. He notes, however, that the hectic lives of students often distract them from paying attention the content of their emails; they simply want to sort, organize, and respond as quickly as possible.
Email: news@ubspectrum.com
Photo: Courtesy of Laron Fomby
