Study reveals how easily people are fooled and fall victim to cyber attacks
The latest ‘WannaCry’ ransomware attack reached over 200,000 computers worldwide with victims paying over $92,000 in bitcoin. Experts at the University of Houston found that people are easily fooled by fake emails and say email users need to pay closer attention to the details.
In order to determine the factors which contribute to successful cyber attacks, University of Houston computer science professors Rakesh Verma, Arjun Mukherjee, Omprakash Gnawali and doctoral student Shahryar Baki used publicly available emails from Hillary Clinton and Sarah Palin. Using natural language generation, a tactic often adopted by hackers who replicate the writing styles of the compromised accounts, the team created fake emails and planted certain signals, such as fake names, repetitive sentences and “incoherent flow.”
According to a press release, 34 volunteers participated in the study and all were given eight Clinton emails and eight Palin emails. Half of them were real, half were fake.
The results of the study showed that participants could not detect the real emails with any degree of confidence, as they had a 52 percent overall accuracy rate. The team discovered that using more complex grammar resulted in fooling 74 percent of participants.
Also, 17 percent of participants could not identify any of the signals that were inserted in the impersonated emails and only 50 percent of the participants mentioned the fake names. Of the 34 volunteers, only six could show the full header of an email.
Younger participants did better in detecting real emails, but the team says that education, experience with email usage and gender did not make a difference in the ability to detect the deceptive emails.
“Our study offers ideas on how to improve IT training. You can also generate these emails and then subject the phishing detectors to those kind of emails as a way to improve the detectors’ ability to identify new attacks. There will be copycat attacks in the future and we have to watch out for that,” Professor Rakesh Verma said.
The University of Houston computer science expert added that in the case of the recent Google Docs attack – where users who opened a given URL were sent to a permissions page and hackers got control of their emails, contacts and potentially their personal information – people fell for the scam because they trust Google.
Email users are urged to look closely at the sender of the email and the full header that has information about how the email was routed, but also at the body of the email for any fake, broken links that can be identified by hovering a mouse over them.
Also, experts say people should think about the context of the email and how long it has been since they last had contact with the sender.
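The header and link checks described above can also be done programmatically. The following Python sketch is an added example, not part of the study or the press release: it reads the routing (`Received`) headers in origin-first order, compares the `From` and `Reply-To` domains, and flags links whose visible text names a different host than the one they actually point to. The sample message, its addresses and hosts, and the names `LinkAudit`, `domain` and `inspect_message` are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the study); every name and host is made up.
RAW = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
\tby mx.recipient.example with ESMTP; Mon, 15 May 2017 10:02:11 +0000
Received: from localhost (unknown [198.51.100.23]) by mail.example.net with SMTP
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: helpdesk@corp-example.invalid
Subject: Password expiry
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://login.corp-example.invalid/reset">https://portal.corp.example/reset</a></p>
"""

class LinkAudit(HTMLParser):
    """Collect links whose visible text names a different host than the href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            shown_host = urlparse(shown).hostname  # None when the text is not a URL
            if shown_host and shown_host != urlparse(self.href).hostname:
                self.mismatches.append((shown, self.href))
            self.href = None

def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def inspect_message(raw):
    msg = message_from_string(raw)
    # Each relay prepends its Received header, so reverse to read the origin first.
    route = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    from_dom, reply_dom = domain(msg.get("From", "")), domain(msg.get("Reply-To", ""))
    audit = LinkAudit()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            audit.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return {"route": route,
            "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
            "link_mismatches": audit.mismatches}
```

A mismatch is a reason to look more closely rather than proof of forgery, since legitimate mailing services also use differing reply addresses and tracking links.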
The ongoing WannaCry ransomware attack targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. Around 230,000 computers in over 150 countries have been infected since 12 May, the day the attack was launched.