People who make a lot of online transactions, are popular online and respond to most of the emails they receive are at the highest risk of being duped by malicious phishers, according to a multi-university study.
That's because they don't focus properly and so decide what to do with emails based on simple cues embedded within them rather than analyzing their entire contents, say researchers at the University of Buffalo, Brock University, Ball State University and the University of Texas, Arlington.
People are most susceptible if they read so many emails that they don't have the time to accurately weigh whether they are spam, the researchers say. Contributing to this problem are receiving a lot of emails, responding to a lot of emails, maintaining many online relationships and conducting lots of online transactions.
Authors of spam have tapped into the psyche of the email recipient to exploit basic human weaknesses, the researchers say. Statements indicating urgency -- disaster relief, security of bank accounts, free tickets -- distract recipients and make them more likely to miss indicators that the email isn't legitimate, they say.
There are steps email users can take. The researchers offer tips on reducing the likelihood of being duped, starting with spam blockers. "By way of prevention, we found that spam blockers are imperative to reduce the number of unnecessary emails individuals receive that could potentially clutter their information processing and judgment," says Professor Arun Vishwanath, of the UB Department of Communication.
They suggest using many email accounts, each dedicated to a single purpose -- banking, personal correspondence, etc. -- so off-topic spam seems out of place. For instance, if banking spam shows up in the personal account, it will stand out, the researchers say, making the recipient consider it more carefully.
The researchers say setting aside a regular time for handling different email accounts also helps recipients focus and be less susceptible to phishing.