EVEN SECURITY-AWARE USERS CLICK ON MALICIOUS LINKS OUT OF CURIOSITY, STUDY FINDS
Even cyber-savvy employees are prone to clicking on malicious links out of curiosity, according to a new study.
In an experiment by researchers at Friedrich-Alexander University (FAU), around half of users clicked on links in suspicious emails and Facebook messages.
56 per cent of email recipients and 40 per cent of Facebook users clicked on links from unknown senders even though most of them knew of the infection risks.
The students in the study were sent messages telling them to click a link to see photos from a party. One set of messages addressed them by name, while another did not address them personally but gave more details about the party where the photos were supposedly taken.
In the first study, 56 per cent of email recipients and 38 per cent of Facebook users clicked the links, while in the second, 20 per cent of email users and 42 per cent of the recipients of the Facebook messages clicked the suspicious links.
“The overall results surprised us as 78 per cent of participants stated in the questionnaire that they were aware of the risks of unknown links,” said FAU’s Dr Zinaida Benenson.
“And only 20 per cent from the first study and 16 per cent from the second study said that they had clicked on the link. However, when we evaluated the real clicks, we found that 45 and 25 per cent respectively had clicked on the links.”
The most common reason the students gave for clicking the links was that they were curious about the content of the photos or the identity of the sender. Others said they knew people with the sender’s name or had recently been to parties with people they did not know.
“Conversely, one in two of the people who did not click on the link said that the reason for this was that they did not recognise the sender’s name,” Benenson said.
“Five per cent stated that they wanted to protect the sender’s privacy by not looking at photos that were not meant for them. I think that, with careful planning and execution, anyone can be made to click on this type of link, even if it’s just out of curiosity.
“I don’t think 100 per cent security is possible. Nevertheless, further research is required to develop ways of making users, such as employees in companies, more aware of such attacks.”