People In A Good Mood Are Easier To Trick By Hackers

Everyone probably wants to feel happy. Nobody wants to be sad and stressed all the time. But in some cases, a good mood may not bring you good things like making you become hackers' easy target.

Google and the University of Florida’s researchers studied psychology around phishing campaigns, along with the way hackers exploit human psychology and nature to make people click on phishing links.

The study was led by Daniela Oliveira, a professor at the University of Florida, and Dr. Natalie Ebner. The leader of the anti-abuse research team from Google, Elie Burszstein, also joined in. On August 7, at the Black Hat cybersecurity conference, Oliveira presented their research.

Phishing is the scamming attempt to steal sensitive information, like credit card info, phone number, passwords, and usernames by pretending to be a reliable entity from electronic communication. Such scams often direct people to give out their personal info at a fake site that looks exactly like the legitimate one. According to Verizon’s annual report, phishing is one of the major reasons for data breaches.

Burszstein said that the number of phishing emails that Google blocks every day is around 100 million. He also said that hackers keep changing and updating their phishing schemes in order to make them more efficient. It’s really difficult to detect all of them because they quickly adapt and keep the number of targeted users low.

People are easily attacked by scams unless they use multi-factor authentication. Although it’s not too hard to detect phishing attacks, they’re still effective. As Werner Vogels, the chief technology officer of Amazon, said that there is always someone stupid enough to click on the link.

The research by Google and the University of Florida shows that when you click on those links, you are not an idiot, you are just human.

There were 158 people who took part in the research. Researchers told them that this research focused on how people use the internet. Each day, the participants would receive a phishing email, which was based on a real phishing campaign that Google had detected, and researchers would see whether they clicked on it.

Hackers take advantage of human nature and create phishing emails. Oliveira found that there are people who make decisions really quickly without thinking. They would click on the email link as a reflex. People are easily attacked by phishing campaigns because they trick the way our brains make decisions.

When we have to make a decision, our brains often work in 2 ways, Oliveira said. With daily activities, such as brushing teeth, eating, or taking a shower, our brains work automatically. Big decisions, such as buying a car or a house, getting married, take lots of thought and deliberation. Clicking on links falls into the former group. Attackers rely on our fast decision-making to trick us and steal our personal information.

Unfortunately, as Burszstein said, Google surveyed internet users in the UK, the US and Australia, and half of them have no idea what phishing is. And Google plans a campaign to raise awareness.

Fortunately, people have psychological protection working in the background. When you are stress, you can detect deception, such as phishing emails, better than when you’re in a good mood. That’s why phishing campaigns usually try to make people feel good by using psychological triggers. Olivia said: