What makes phishing emails so successful?
According to the results of a study performed by researchers from the University at Buffalo, “information-rich” emails that alter the recipients’ cognitive processes are mostly to blame for the success of phishing scams.
By “information-rich” they mean emails equipped with logos and graphics recognizable by the recipients. Add to this text carefully framed to make the email sound personal, a dash of fear-invoking language and a deadline within which the recipient is asked to respond, and you have a winning recipe.
“We found that these information-rich lures are successful because they are able to provoke in the victim a feeling of social presence, which is the sense that they are corresponding with a real person,” shared Arun Vishwanath, professor of communication at the University at Buffalo, and one of the authors of the study.
“Presence makes a message feel more personal, reduces distrust and also provokes heuristic processing, marked by less care in evaluating and responding to it. In these circumstances, we found that if the message asks for personal information, people are more likely to hand it over, often very quickly.”
The researchers tested their theory on 125 undergraduate university students, and 68 percent of them fell for the ruse.
The phishing email was made to look like it came from the University’s IT department, and said that there was an error in their student email account settings. They were asked to follow an enclosed link to access their account settings in order to solve the problem, and were instructed to do it fast, as access to their account would be permanently blocked in a short while.
The result? 49 of the students did what the email requested immediately, and 36 more did it after they received a reminder.
“These are significant findings that indicate the importance of developing anti-phishing interventions that educate individuals about the threat posed by richness and presence cues in emails,” Vishwanath pointed out, especially as email is slowly becoming the dominant way of communicating worldwide.