Your own computer behavior can be blamed for all those phishing emails cluttering up your in box. That’s the conclusion of a university-based communications research project:
Pride in the number of social networking friends you have just might make you a target of those phishing schemes. The greater your number of contacts, the greater the exposure. The chances of becoming a phishing target are increased by the number of good deals you just couldn’t pass up on line. Of course, if you take the bait and actually respond to a phishing email, they’ve gotcha on the sucker list.
Four PhD’s took the problem to heart using an integrated information processing model to test individual differences in determining who is vulnerable to phishing. Arun Vishwanath, H. Raghav, Tejaswini Herath, Rui Chen, and Jingguo Wang from several universities across the US wrote about their study in the journal “Decision Support Systems and Electronic Commerce.” Consumer behavior, information technology, and e-business all were considered.
The sender may display with a credible business name, current event, or government institution in your email message. Maybe it’s a credit card company or bank that appears to have sent you an important note. Could be that the Department of Motor Vehicles needs you to respond. Perhaps a travel agency is sending you a “special” or an organization for a “good cause” is vying for your attention. All of them should be scrutinized and usually avoided. Even though they will entice you with statements which arouse fear (delinquent payment), excitement (cheap tickets to a concert), or urgency (Tsunami victims need help now), don’t be hooked.
The team had several suggestions for ferreting out phony phishing from valid emails. First and foremost install a spam blocker. You can’t always rely, as we have all seen, on generic web security. The AntiPhishing Working Group (APWG) is a law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types. They indicate that phishing resulting from classified ads rose 142 percent between the first and second quarter of 2010. They warn us that phishers can even imitate the “https://” that you normally see when you’re on a secure Web server. The APWG suggests forwarding suspicious email to mailto://reportphishing@antiphishing.org. The group has more useful information on the APWG site.
The Buffalo University led team suggested having several email accounts to help you recognize oddball mailings, if having more passwords to remember doesn’t drive you crazy. When you have a single account dedicated to banking transactions and another for communicating, it should be easier to notice when an unusual or unrelated email pops up. Finally, keep business and personal emailing separate and review them apart from each other when you can focus on what you are doing.
The university research was based on “a sample of intended victims of an actual phishing attack,” Vishwanath said. The phishers commonly are attempting to get people to provide personal and sensitive information such as their usernames, passwords, and even credit card details. He noted, “Our findings suggest that habitual patterns of media use combined with high levels of email load have a strong and significant influence on individuals’ likelihood to be phished.”
Before you say, “I don’t have to worry; I’m computer literate,” think again. The study showed that a person’s computer competency was not protection from phishing scams. Taking time to be aware of potential deceptions was. So, if it seems too good to be true, it probably is… a phishing scheme.