How People Get Duped by Phishing Attacks

The website InfoSecWriters released a study last week entitled Some Psychological Factors of Successful Phishing.

Phishing is a fraudulent email made to look like it comes from a legitimate source that attempts to get you to divulge personal data that can then be used for illegitimate purposes.

"The successful 'phishing' attack relies on the victim’s willingness to divulge sensitive personal data to a non-legitimate source in response to an email request or an invitation to a web site. This paper will look at some of the psychological mechanisms involved in these types of scams and what the future might hold."

Some of the psychological factors identified in the paper are:

• Trust of authority
• Textual and graphics presentation lacks traditional clues of validity
• E-mail and web pages can look real
• Clues to the fraudulent nature of phishing scams are often below the threshold of the average recipient

Earlier Library Boy postings about phishing include:

• More IT security threats on the horizon (March 9, 2005)
• Phishing Resources (July 5, 2005)
• Legal Systems Can't Stop Cybercrime (July 7, 2005)
• The Fight Against Phishing Sites (October 18, 2005)
• How to Fight Phishing (October 31, 2005)
• New Website on Internet Scams and Fraud (November 23, 2005)
• Data Security - Year in Review 2005 (December 16, 2005)
• Report on Future Trends in Malware, Spyware, Viruses and Other Baddies (January 11, 2006)
• The Secrets of Why Phishing Scams Work (April 27, 2006)