Researchers at Friedrich-Alexander University in Germany conducted a study that sent out 1,700 emails that simulated a phishing scam, and made an unfortunate discovery: around half of the participants, even ones that claimed to be aware of such security risks, clicked on the links.
They conducted two studies. In both, researchers sent out fake messages via email and Facebook signed with “one of the ten most common names for the target group’s generation.” The content of the message claimed to link to a page containing pictures from a New Year’s Eve party from the weekend prior. If the subject opened the link, they were taken to an ‘access denied’ page. For the Facebook messages, they created some some profiles with photos and minimal information and some without. In the first study, researchers addressed the subjects by their first names, but in the second, they not.
When subjects were addressed by name, 56% of them clicked on the email phishing scam, while 38% Facebook users did. The researchers found that when they did not target the subjects by name, only 20% of them clicked on the emails, but 40% clicked on the links in the Facebook messages.
When the researchers interviewed the subjects after the study, 78% of them said they were conscious of phishing scams, yet many weren’t even aware they clicked the suspicious links.
Let this be a lesson that even if you’re curious as fuck about a sort of strange looking link in your inbox, don’t click it. But moreover, you might not understand what a suspicious link looks like, and that’s cause for concern.