Indian American researcher Arun Vishwanath from the University at Buffalo has revealed that online phishers are increasingly using "information-rich" e-mails with graphics, logos and markers that communicate authenticity to lure people.
Such e-mails alter recipients' cognitive processes in a way that facilitates their victimisation.
In addition, the text is carefully framed to sound personal, arrest attention and invoke fear.
"It will often include a deadline for response for which the recipient must use a link to a spoof 'response' website. Such sites, set up by the phisher, can install spyware that data mines the victim's computer for usernames, passwords, address books and credit card information," explained Vishwanath, professor of communication.
The study involved 125 undergraduate university students - a group often targeted by phishers - who were sent an experimental phishing e-mail from a Gmail account prepared for use in the study.
The message used a reply-to address and sender's address, both of which included the name of the university.
The e-mail was framed to emphasise urgency and invoke fear.
It said there was an error in the recipients' student e-mail account settings that required them to use an enclosed link to access their account settings and resolve the problem.
They had to do so within a short time period, they were told, otherwise they would no longer have access to the account.
According to Vishwanath, 49 participants replied to the phishing request immediately and another 36 replied after a reminder.
"'Presence' makes a message feel more personal, reduces distrust and also provokes heuristic processing, marked by less care in evaluating and responding to it," he pointed out.
In these circumstances, researchers found that if the message asks for personal information, people are more likely to hand it over, often very quickly.
In this study, such an information-rich phishing message triggered a victimisation rate of 68 percent among participants.
"These are significant findings that indicate the importance of developing anti-phishing interventions that educate individuals about the threat posed by richness and presence cues in e-mails," he explained.
The results were shared at the 48th Hawaii International Conference on System Sciences at the University of Hawaii recently.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app