Article Review #2

Article Review #2: How Even the Most Cautious Can Fall for Phishing Traps
Eli Wallace
Department of Cybersecurity, Old Dominion University
Cyse 201S
Professor Diwakar Yalpi
November 16, 2024

Introduction

There are many different ways a person, or even a robot, can fall for a trap on the internet. One example of such a trap is phishing. There are a couple of different variants of phishing, but the main definition is an attack in which a victim is lured into clicking on a malicious link or opening a malicious attachment. Some demographics are more susceptible to this style of trap, mostly older people as well as very young ones. The rate of susceptibility to phishing traps is very large. The article states, “Another example is the study by Quinkert et al. [2], in which the susceptibility rates for the scams ranged from 3% to 34%. Thus, different scams are clearly associated with different susceptibility levels” (Sommestad & Karlzén, 2024). The point of this study was to show that a trap's effectiveness scales with how specific the trap can get and how gullible the person might be.

The Research Methodology

A study was done with 106 individuals over a 16-month period to test how susceptible workers were to phishing through their workplace email. The workers were chosen from Swedish jobs that are important and have high societal impact. The test used real-world information that would make sense, in some variation, to each individual. Over the course of the study, over 2000 emails were sent out. The article gives the specifics: “Overall susceptibility was in terms of clicking links 6.4% (125 out of 1953 emails), and in terms of executing code 3% (66 out of 2199 emails)” (Sommestad & Karlzén, 2024). While the percentages of suspicious emails being clicked on were low, they weren’t zero. This is important to think about because these Swedish employees were selected without their knowledge because they have socially important jobs. It is almost expected that most employees wouldn’t fall for a fake email, but people who contribute heavily to daily function are expected to be held to a higher standard.

Deductive Reasoning

There are many reasons a phishing experiment can be flawed; for example, a similar but real phishing attack could happen at the same time. Results can also change as new employees come in, and they can depend on how descriptive the email or attachment that someone clicks on is. The article states, “In pairwise comparisons between these 34 scams, the mean difference in phishing susceptibility was a factor of 2.46. The same number for 31 scams executed at least once is 1.9. Thus, this study produced an unusually small difference between scams.” The study and real-world examples were not too far apart, so just as many average people could click on a link, those in very high-impact roles could also click on one.

References

Sommestad, T., & Karlzén, H. (2024, November 14). The unpredictability of phishing susceptibility: Results from a repeated measures experiment. OUP Academic. https://academic.oup.com/cybersecurity/article/10/1/tyae021/7900092?searchresult=1
