Half of web users click on links from unknown senders even though they know it could infect their computer with a virus, new research reveals.
And the biggest reason for ignoring warnings about opening emails from unrecognised sources is just curiosity.
I think that, with careful planning and execution, anyone can be made to click on this type of link, even it’s just out of curiosity
Research led by Dr Zinaida Benenson, Chair of Computer Science at the University of Erlangen-Nuremberg, shows more than half of email users are too intrigued to ignore junk mail.
Dr Benenson and her team in Germany ran two studies in which they sent around 1,700 students emails or Facebook messages under a false name.
The fake messages promised pictures from a party the previous weekend in a link.
As a means of luring their targets even more the messages signed off with one of the ten most commonly used names.
Fifty-six per cent of students fell for the fake emails and 40 per cent were tricked by the Facebook message, despite admitting they knew the risks involved.
Dr Benenson said: “The overall results surprised us as 78 percent of participants stated in the questionnaire that they were aware of the risks of unknown links.”
The two studies adopted different approaches to lure their targets.
In the first study the researchers addressed the subjects by their first names.
In the second study they did not address them personally but gave more detail about the photos - a New Year’s Eve party the week before.
For the Facebook messages the researchers created public and private profiles.
There were different results in each study. In the first study 56 per cent of students clicked on the link via email and 38 per cent via Facebook.
In the second study only 20 per cent clicked on the link via email and 42 per cent via Facebook.
When asked why they clicked on the link, the large majority of participants said that it was due to curiosity about the photos or the identity of the sender.
Other users said that they knew someone with the sender’s name or had been to a party the previous week where there were people they did not know.
Dr Benenson said: “Conversely, one in two of the people who did not click on the link said that the reason for this was that they did not recognise the sender’s name.
“Five percent stated that they wanted to protect the sender’s privacy by not looking at photos that were not meant for them.”
She concluded that most people can be easily fooled by fake messages.
She said: “I think that, with careful planning and execution, anyone can be made to click on this type of link, even it’s just out of curiosity.
“I don’t think one hundred percent security is possible. Nevertheless, further research is required to develop ways of making users, such as employees in companies, more aware of such attacks.”
Dr Benenson presented her findings at a computer security meeting, Black Hat Conference in Las Vegas.