Curiosity and Facebook are Phishing's Best Pals

The combination of human nature and Facebook are currently a phisherman's greatest ally. According to research, curiosity is phishing’s finest friend and Facebook as a close second. Educating consumers on how to avoid even the most basic phishing scams apparently goes out the window when it comes to Facebook users. Scammers know combining the two provides extra fertile phishing grounds and they’re not shy about doing it.

Phishers are constantly refining the methods they use, always looking to improve what works and where it works best. Researchers are trying to understand what’s at the heart of successful phishing and why knowing users still fall for it. When they do fall for it, it appears Facebook is the place it happens most. German researchers studied what compels people to click on those links and where it happens most often. Thanks to this study (Unpacking Spear Phishing Susceptibility), the numbers tell an interesting, eh, phishing tale.

In this study, phishing lures were sent to email and Facebook users alike. An alarming 42.5% of Facebook users opened links sent to them on Facebook, while only 20% of those using email clicked links. Users were twice as vigilant toward email links, but not so much with Facebook lures. So why do twice as many phishing scams work on Facebook? Their research shows the informality and ease of Facebook messaging lends itself to perceived security and a more relaxed attitude toward links.

Researchers stress the importance of curious human nature as something phishers count on. Perhaps a simple message using your name in the title or a perceived connection to you or someone you know flips your curiosity switch. Beware the thought of combining that curious nature with your Facebook account. It’s working great for phishers but not at all for users.

In fact, of the 1,255 students surveyed, 42.5% of them had no fear clicking on Facebook links, even if they knew that the photos sent to them were not specifically intended for them. They were simply curious.

-This study suggests a common-sense approach to links on Facebook.

-Leave curiosity to the cats when using Facebook.

-Before clicking a link, always do what you can to trace and/or verify the source.

-Beware of Facebook messages and links trying to lure your curiosity, appearing to be from “friends of friends” or interests you keep tabs on.

Sad but true, Facebook or email…phishing scams are continually improving by becoming more targeted and more sophisticated to survive. Although security-minded users are putting up a fight, it’s proving quite a struggle.

It seems that for now researchers can only focus on understanding the success of phishing efforts after they’ve happened. What we can count on as users, are scammers polishing their next lures and where to place them.

© Copyright 2017 Stickley on Security