Phishing – why do we still fall victim?
February 2, 2015

Many people have a love-hate relationship with emails. In our daily lives we are sometimes, or maybe very often, bombarded with emails, be they on private matters, work-related or even spam. How we wish they would go away! But do we really want them to go away?

Emails have become a communication tool that we are unable to live without, though we may sometimes loathe them (if the emails are not what we expect!). Nevertheless, we are sometimes “seduced” by “information-rich” emails that alter our perception, leading us to believe that such emails are legitimate. “Information-rich” emails are equipped with logos and graphics that are familiar to the recipient. Think of emails that are supposedly sent by banks and that ask the recipient to click a link in the email to update their particulars. Such emails will more likely than not contain the bank’s logo and images that convince the uninformed recipient that they are legitimate.

Aside from this, the email will sound personal, contain language that may invoke fear (e.g., if you do not respond within the stipulated time, your account will be blocked) and set a deadline by which the recipient is to respond.

These email campaigns are successful because a personal touch is added that convinces the recipient that they are communicating with a real person. As Arun Vishwanath, professor of communication at University of Buffalo, said, “…it provokes in the victim a feeling of social presence, which is the sense that they are corresponding with a real person.”

It’s this social presence that convinces the recipient to let their guard down. In such circumstances distrust is reduced and the potential victim pays less attention when evaluating such emails. If these email messages ask for personal information, people are more likely to provide it.

Researchers from the University of Buffalo tested this theory on 125 undergraduate students and found that 68 percent fell for the scam.

A phishing (see Definition) email was sent to the students, made to look as though it came from the University’s IT department. It said that there was an error in their email account settings and asked them to follow the enclosed link to access their account settings and resolve the problem. If they failed to do so, their account would be permanently blocked.

The result was that many students did what the email requested.

So, be aware of such emails. When you receive emails requesting personal information or asking you to follow a link contained therein, you should ask yourself, “Is this real?” “Is this a legitimate email?” Check with the IT personnel in your organization. If the email is from a bank, call the bank for verification. Always check, always seek verification. Always.


Help Net Security.


Definition: Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy Web sites.