After everything we’ve learned about Internet security and how to protect ourselves from malicious attacks, you’d think less people would click on links unknown to them or sent by unknown users – but that’s not the case.
Dr. Zinaida Benenson from the Chair of Computer Science 1 at Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU) has investigated why this many people are still clicking on unknown links. Her experiments showed that up to 56% of e-mail recipients and about 40% of Facebook users clicked on a link from an unknown sender, even though they knew of the risks.
So, what was the main reason for this? Curiosity, she says.
For the experiment Dr. Benenson and the team conducted two studies in which they sent around 1,700 FAU students e-mails or Facebook messages under a pretend name. They adapted the fake messages to the target groups by signing them with one of the ten most common names for the target group’s generation. In both of the studies the text claimed that the link in the message was to a page with images of a party the previous weekend.
If he or she clicked on the link they were taken to a page displaying the message: “access denied”. This allowed the researchers to register the click rates. They then sent a questionnaire to all of the test subjects asking them to rate their awareness of security and asking them why they did or did not click on the link.
There were a variety of factors that influenced the decisions. For example, in one study the researchers addressed participants by their first names, whereas another study simply provided specific information about the event they were claiming to have photos from.
For the Facebook messages the researchers created profiles with a public timeline and photos, as well as less public profiles without no photos and only a minimum amount of information. There were different results in each study. 56% of the e-mail recipients and 38% of the Facebook message recipients in the first study clicked on the links. In the second study the percentage of e-mail recipients who clicked went down to 20%, while the percentage of Facebook users who clicked went up to 42%.
‘The overall results surprised us as 78% of participants stated in the questionnaire that they were aware of the risks of unknown links,” said Dr. Benenson. “And only 20% from the first study and 16% from the second study said that they had clicked on the link. However, when we evaluated the real clicks, we found that 45 and 25% respectively had clicked on the links.”
The researchers believe this could be a result of participants forgetting the message with the link after having clicked on it.
When asked why they clicked on the link, the large majority of participants said that it was due to curiosity about the photos or the identity of the sender. Other users said that they knew someone with the sender’s name or had been to a party the previous week where there were people they did not know.
“Conversely, one in two of the people who did not click on the link said that the reason for this was that they did not recognize the sender’s name.” said Dr. Benenson.
From the study, Dr. Benenson concludes that with careful planning and execution, nearly anyone can be prompted to click on this type of link.
“I don’t think one hundred percent security is possible. Nevertheless, further research is required to develop ways of making users, such as employees in companies, more aware of such attacks,” she concludes.
Comments are closed, but trackbacks and pingbacks are open.