It’s easy to get fooled by phishing scams, especially spearphishing attacks that are so well targeted. But are certain people more susceptible to falling for a phishing email than others?
That’s what a group of researchers from North Carolina State University wanted to find out. In a study presented to the International Human Factors and Ergonomics Society, the researchers reported that just about everyone is likely to fall for a phishing email. According to the Los Angeles Times:
Before taking the test, 89% of the group had said they were “confident” in their ability to tell the difference between an authentic email and one sent by a scammer. But when put to the test, just 7.5% of the participants were able to spot all the fake emails. And more than half of the group missed half of the fake emails and deleted at least one authentic email.
However, certain people, the researchers found, are more susceptible than others: introverts, females, and those who were overconfident when they came into the testing. Or more to the point, according to Fox Business:
The results revealed that women were less likely than men to correctly label phishing emails, and subjects who self-reported as "less trusting, introverts or less open to new experiences" were more likely to delete legitimate emails.
Curious, I took a phishing IQ test. I figured I’d do okay because I’m pretty good at spotting phishing email, considering I see so many samples sent to me by security experts. But I only got 7 out of 10 right (so I guess I do fall into the pattern of those most susceptible, considering I’m female, was confident in how I’d do, and I’m a bit of an introvert). Now, the downside to that test I took was the inability to put my cursor over the links in the emails to make sure they were legitimate. However, the ones I got wrong were also ones I spent a little extra time on because there were little things about each email that could have made my decision swing either way.
Of course, companies shouldn’t think that the women in the company are always going to be the ones falling for a phishing scam. And it should also be noted that the people used in the study were young adults – undergraduate students – who may not have had much experience with phishing scams. The researchers do plan to expand their research to professionals in the workplace. However, the researchers do think there is a need to develop better training tools to help employees distinguish legitimate emails from phishing emails. Until then, the phishing IQ tests available online are a good place for companies to start the conversation.