Over 50% of internet users fall for this despite risks, says research

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
A research has recently discovered that over 50% of internet users will fall for clickbait, and open links sent by unknown people, despite awareness of possible malware contraction or the risk of identity theft.

The experiment, which consisted of two studies, was conducted by the Friedrich-Alexander-Universität Erlangen-Nürnberg in Germany, led by Dr. Zinaida Benenson of the university's Computer Science department. Both of the studies sent scam emails and Facebook messages to 1700 students of the university under an unknown name. The messages tried to lure the recipients, by urging them to click on the link provided, which purportedly contains images of them at a party.

However, upon opening the link, the recipients were greeted by an "Access Denied" warning. This then enabled the researchers to register the click rates.

The first study addressed the test subjects in the alleged party images message by their first names. Meanwhile, the second one did not personally address the subjects, but provided more specific information regarding the occasion where the photos of the fake party were allegedly taken.

The researchers found that in the first study, 56 percent of the e-mail recipients opened the clickbait link, while 38 percent was recorded on Facebook. As for the second version of the experiment, only 20 percent of email recipients got curious and opened the link, but the percentage of Facebook users who clicked went up to 42 percent.

Moreover, the researchers sent a questionnaire to all the test subjects, which asked them to rate their own awareness of computer security before they explained all about the experiment. They also asked them why they clicked, or did not click on the clickbait link. Benenson states:

"The overall results surprised us as 78 percent of participants stated in the questionnaire that they were aware of the risks of unknown links. And only 20 percent from the first study and 16 percent from the second study said that they had clicked on the link. However, when we evaluated the real clicks, we found that 45 and 25 percent respectively had clicked on the links."

When the subjects were asked why they clicked on the link, a majority answered that it was out of curiosity regarding the content of the photos or the identity of the sender. Others stated that the fake sender name provided in the message sounded familiar, or because they really had been to a party the week before.

These responses validate the reasons why clickbait is an effective method of social engineering online. The method was designed to induce curiosity or shock among the audience, which will lead to a clickthrough. While there are some who innocently do it (sorry about that), cybercriminals also utilize it, in order to spread malware and other things that may make a computer or mobile phone go haywire.

Dr. Benenson caps her study with a concluding statement:

"I think that, with careful planning and execution, anyone can be made to click on this type of link, even it's just out of curiosity. I don't think one hundred percent security is possible. Nevertheless, further research is required to develop ways of making users, such as employees in companies, more aware of such attacks."

Source: Friedrich-Alexander-Universität Erlangen-Nürnberg via Bleeping Computer
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Thanks for the share :)

All links from unknown senders are disabled by default, on the web client I use (urls => pictures, etc...)
 
  • Like
Reactions: frogboy

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
So how can this problem be overcome?
Simply don't click the link, it may sound silly but if you think you are not involve on some event better steer away. Build a mindset to click link if needed. Remember that any suspects could not hide the evidence, it can show even minimal links,
 
  • Like
Reactions: DardiM

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
If you are really , realky curious (it might happen) and cannot resist, check the link with Virustotal and then, if you still cannot resist, open it at least in a vm or SD protected system ...but best is not to click...
 
  • Like
Reactions: DardiM

davidp

Level 1
Verified
Aug 16, 2016
26
I really don't think this is something that will every be a non-issue if the main focus is to make users suspicious of links. It's all well and good for folks who have a strong grasp of exploitation processes, but clickbait for an interesting-sounding or pertinent email will very often succeed. More focus on stopping the receipt or the successful exploitation of these emails is where I'd spend my time.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top