Ever wonder why users still click on suspicious emails and Facebook messages, even though they know the risks? Researchers conducted an experiment to find out why, and the answer seems to be “curiosity.”
A research team, headed by Dr. Zinaida Benenson, Chair of Computer Science 1 at Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU), sent about 1,700 FAU students emails or Facebook messages under a false name, adapting the messages to the target groups by signing them with one of the most common names for their generation. The text came with a link that claimed to lead to pictures of a party from the previous weekend. If the recipient clicked the link, they were sent to a page with an “access denied” message (allowing the researchers to register click rates).
In one version of the study, the researchers addressed subjects by their first names; in the second, the messages did not address recipients personally but included more specific information about the event, claiming it was a New Year’s Eve party.
The results were different for each study:
- In the group addressed by name, 56% of the email recipients and 36% of the Facebook recipients clicked the links, and
- In the group given party details, 36% of email recipients and 42% of Facebook recipients clicked the links.
What’s especially alarming: 78% of surveyed participants said they were aware of the risks of unknown links. If that’s the case, why did so many click the link anyway? The majority said it was due to curiosity regarding the content of the photos or the identity of the sender.
The takeaway: “I think that, with careful planning and execution, anyone can be made to click on this type of link, even if it’s just out of curiosity,” Dr. Benenson said. “I don’t think 100% security is possible. Nevertheless, further research is required to develop ways of making users, such as employees in companies, more aware of such attacks.”
That’s something important to consider when educating your organization’s staff on even basic cybersecurity steps – remind them what curiosity did to the cat!