
It’s no secret that millions of phishing emails make their way to people’s inboxes every year. We expect that our email client’s spam filter will catch them, but a lot of them slip through uncaught. Of those, many simply slide past our own judgment and are clicked and opened. A recent study has revealed how well we are able to spot phishing emails and how likely we are to take the bait.
This Carnegie Mellon University study involved participants who were asked to evaluate 38 different emails, half of which were legitimate and half of which were phishing. On average, they were able to accurately identify just over half of the phishing emails presented to them.
“Despite the fact that people were generally cautious, their ability to detect phishing emails was poor enough to jeopardize computer systems,” explains Casey Canfield from Carnegie Mellon’s Department of Engineering and Public Policy.
Based on the results of the study, the researchers suggest interventions such as providing users with feedback on their ability to spot phishing emails and emphasizing the consequences of phishing attacks. One such training method is called embedded training; it involves sending out fake phishing emails and teaching users about phishing if they open the email. Although it’s possible that methods like these don’t actually make people better at telling the difference, it’s certain that they can make them more cautious, which is really the point.
Source: Carnegie Mellon University, College of Engineering (http://engineering.cmu.edu/media/feature/2016/10_06_gone_phishin.html)