Vulnerability to phishing scams may be linked to personality, study shows

(Medical Xpress)—Phishing scams are some of the most effective online swindles, hooking both savvy and naïve computer users. New insights from researchers at the Polytechnic Institute of New York University (NYU-Poly) point to two factors that may boost the likelihood that a computer user will fall prey: being female and having a neurotic personality.

A multidisciplinary team comprised of Tzipora Halevi, postdoctoral scholar in computer science and engineering; James Lewis, instructor in the NYU-Poly Department of Science, Technology and Society; and Nasir Memon, professor and head of the Department of Computer Science and Engineering, set out to probe the connections between types and phishing to better inform computer security education and training.

In a preliminary study, the researchers sampled 100 students from an undergraduate psychology class, most of whom were science or engineering majors. Participants completed a questionnaire about their online habits and beliefs, including details about the type and volume of information they share on Facebook. They were also asked to rate the likelihood of negative things happening to them personally online, such as having an Internet password stolen. Finally, participants answered the short version of a widely used multidimensional personality assessment survey.

Shortly thereafter, the researchers used the email provided by participants to execute a real-life phishing scam, attempting to lure the students to click a link to enter a prize raffle and to fill out an entry form containing . Like many phishing scams, the "from" field in the email did not match the actual address, and the email contained spelling and grammatical errors.

"We were surprised to see that 17 percent of our targets were successfully phished—and this was a group with considerable computer knowledge," Lewis said.

The majority of those who fell for the scam were women, and those women who were categorized as "neurotic" according to the personality assessment were likeliest to fall for the . Neurotic personalities are characterized by irrational thoughts and a tendency toward negative feelings like guilt, sadness, anger, and fear.

There was no correlation between men's personality types and their vulnerability to phishing.

"These results tell us that personality characteristics may exert considerable influence when it comes to choices about online behavior, and that they may even override awareness of online threats," Lewis explained.

The team found no correlation between participants' level of knowledge of computer security and their likelihood of being phished.

The researchers also examined the connections between the amount of personal information participants admitted to sharing on Facebook and personality traits. Those categorized as having "open" personalities tended to share the most information on Facebook, and to have the least restrictive privacy settings on the social networking site, thus increasing their vulnerability to privacy leaks.

"In the moment, it appears that computer users may be more focused on the possibility of winning a prize or the perceived benefits of sharing information on Facebook, and that these gains distract from potentially damaging outcomes," Lewis said.

The researchers also uncovered an inverse relationship between those with "openness" and "extroversion" as personality traits and the likelihood of their being phished or sharing copious information on Facebook. Among the cohort studied were 12 people without Facebook accounts. All were men, none fell prey to the phishing scheme, and all were least likely to be characterized as "open" or "extroverted."

While the researchers emphasized that their study sample was small and further investigation is needed, they believe that insights into how impact decision-making online may aid in the design of more effective computer interfaces, as well as security training and education. As this experiment tested a single type of scam—prize phishing—future work may explore whether other prove vulnerable to different types of scams.

add to favorites email to friend print save as pdf

Related Stories

Personality test a tool for schools

Aug 26, 2013

A study of personality in children will inform the development of an Australian-first assessment that helps parents and teachers to better understand a child's personality type.

How personality affects fertility

Aug 21, 2013

Men with neurotic personality traits are having fewer children compared to previous generations, according to a new study published in the European Journal of Personality. The study examined the effect of per ...

'Phishing' scams explode worldwide, researchers shows

Jun 21, 2013

Those insidious email scams known as phishing, in which a hacker uses a disguised address to get an Internet user to install malware, rose 87 percent worldwide in the past year, a security firm said Friday.

Recommended for you

Report advocates improved police training

41 minutes ago

A new report released yesterday by the Mental Health Commission of Canada identifies ways to improve the mental health training and education that police personnel receive.

Meaningful relationships can help you thrive

8 hours ago

Deep and meaningful relationships play a vital role in overall well-being. Past research has shown that individuals with supportive and rewarding relationships have better mental health, higher levels of subjective well-being ...

Learning to read involves tricking the brain

8 hours ago

While reading, children and adults alike must avoid confusing mirror-image letters (like b/d or p/q). Why is it difficult to differentiate these letters? When learning to read, our brain must be able to inhibit ...

User comments