From security experts to local government officials, everyone has consistently talked about the importance of not clicking on links from people you don't know. You would think "phishing" e-mails wouldn't have a place in today's world anymore - but that just isn't the case. Awareness hasn't helped us at all. Researchers at a German university found that half of the email recipients in a recent study clicked on links that were from strangers and Facebook messages.
The researchers at the Friedrich-Alexander University (FAU) of Erlangen-Nuremberg, Germany, which was led by FAU Computer Science Department Chair Dr. Zinaida Benenson, said that the simulated "spear phishing" attacks looked at 1,700 test subjects. These subjects were university students, who should be more technologically savvy than others.
The email and Facebook accounts were set up with common names and ages in the group. There were varying levels of publicity with the Facebook profiles. The messages said that there were photos taken at a New Year's Eve party a few weeks before the study. As the messages were sent out, they addressed each person by their first name. The links didn't lead to anything but a website that logged the clicks of each student.
The messages that used names had clicks from 56% of the targets; the Facebook posts had 37% interaction. The less-targeted messages had 42% Facebook interaction, but only 20% email interaction.
"The overall results surprised us, as 78 percent of participants stated in the questionnaire that they were aware of the risks of unknown links," Dr.Benenson said. "And only 20 percent from the first study and 16 percent from the second study said that they had clicked on the link." But in fact, of those claiming they were security savvy, "we found that 45 and 25 percent respectively had clicked on the links," Dr. Benenson said.
Most of the people who clicked on the link said that they did it out of curiosity. Some clicked because they were worried about the account being hacked. Others said they didn't click because they didn't recognize the name.
"I think that with careful planning and execution, anyone can be made to click on this type of link, even if it’s just out of curiosity," Benenson said.