A phishing email is a scam email in which the sender hopes to gain access to the recipient’s personal information in some form, or plays on their vulnerability, for example by asking them for something. They range from ones that you can typically spot, such as a message claiming that a deceased individual has left you a lump sum of money, to ones that are harder to spot, such as a request to reconfirm your login details to access a service. Some also mimic the look of an electronic bank transfer. But why do some people fall for them?
At some point, we have all received at least one phishing email. Depending on the day and what’s going on personally, we have likely clicked on one at one time or another. Phishers typically play on normal human emotions to conduct their malicious email scams. The most common are excitement and fear. Who wouldn’t be excited about a random email transfer? Or fearful of a service being turned off due to a balance that is past due? As with marketing, where a combination of personal emotions, experiences, desires, wants and state of mind determines whether an ad is successful, even if it runs continuously, the same factors apply to successful phishing scams.
But how do we, as people who are aware that these scams are happening, still fall for them? Because people, including those who work daily with computers, have a blind spot when it comes to phishing emails. In one study, most people could, for the most part, identify a phishing email, especially one involving financial information. However, a request to reconfirm a password or login information was the largest blind spot. Why? Because the sender’s email address appears to be valid and the redirected URL (link) brings you to an official-looking website. Another large blind spot is an email that seems to have originated from the user or from inside the organization. Additionally, at times it is simply human error: a misclick. Have you ever accidentally clicked on something without intending to click on it?
Another vulnerability that can cause more people to fall for phishing scams is the fear of seeming rude or unhelpful when the sender is asking for something specific, such as money and gift cards, or for general assistance. This issue is magnified when the sender seems to be someone known, e.g. when the message carries the name of a co-worker, friend or family member. Another study stated that older adults are more vulnerable than younger internet users, especially when asked to help or assist someone or when there is a threat.
All phishing emails seek out a user’s vulnerability or blind spot in the hope that someone takes the bait. What steps can we as internet users take to ensure we do not fall victim? Firstly, second-guess the email, especially if the context is strange, too good to be true or unexpected. Secondly, verify the sender’s email address and, when in doubt, call the business, institution or person that sent the email to verify its legitimacy. We must also be cautious on social media, such as Facebook, about inquiries coming through Messenger, photos, links and duplicate friends on our friends list.
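The two blind spots described above, a sender address that only appears valid and a link that leads somewhere other than where it claims, can be checked mechanically. The following Python sketch is an added example, not part of the original article; the sample message, its domains and the flag names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not a real message; every address and domain is a placeholder.
SAMPLE = '''From: "support@examplebank.com" <alerts@mail.example.net>
Reply-To: helpdesk@other.example.org
Subject: Please reconfirm your password
Content-Type: text/html; charset="utf-8"

<p>Reconfirm here: <a href="http://login.example.net/bank">https://www.examplebank.com/login</a></p>
'''
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)  # text that looks like a URL

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href:
            self.found.append((self.href, self.text.strip()))
            self.href = None
def host(value):  # exact hostname only; no public-suffix logic (simplification)
    value = value if "://" in value else "//" + value
    return (urlsplit(value).hostname or "").lower()
def analyze(raw):
    msg, flags = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    shown = re.search(r"@([\w.-]+)", name)  # an address typed into the display name
    if shown and shown.group(1).lower() != sender:
        flags.append("display-name-mismatch")
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reply.rpartition("@")[2].lower() != sender:
        flags.append("reply-to-mismatch")
    parser = Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.found:
        if URLISH.match(text) and host(text) != host(href):
            flags.append(f"link-mismatch:{host(href)}")
    return flags
```

A flag here is a reason to second-guess the message, not proof of phishing: legitimate mail can use a different Reply-To domain, and a clean result does not make a message safe.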