Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness

by Zinaida Benenson
Sept. 15, 2017 1 comment www.blackhat.com belen_caty Management

Messages containing links to malware-infected websites represent a serious threat. Despite numerous user education efforts, people still click on suspicious links and attachments, and their motivations for clicking or not clicking remain hidden. We argue that knowing how people reason about their clicking behavior can help defenders devise more effective protection mechanisms. To this end, we report the results of two user studies in which we sent over 1600 university students an email or a Facebook message from a non-existent person, containing a link and claiming that the link led to the pictures from the party last week. When clicked, the corresponding webpage showed an "access denied" message. We registered the click rates, and later sent the participants a questionnaire that first assessed their security awareness and then asked them about the reasons for their clicking behavior.


Steven Ulm 8 months, 1 week ago

This is a bit of psychology here: make them want something so bad that the security warning means nothing. Interesting...