The Psychology of Phishing

An anonymous reader writes Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals understand that we are a generation of clickers and they use this to their advantage. They will take the time to create sophisticated phishing emails because they understand that today users can tell-apart spam annoyances from useful email, however they still find it difficult identifying phishing emails, particularly when they are tailored to suit each recipient individually. Fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link. To put that into context a legitimate marketing department at a FTSE 100 company typically expects less than a 2% click rate on their advertising campaigns. So, how are the cybercriminals out-marketing the marketing experts?

Re:well

[Joe Gillian]

I think it's more that the criminals tend to structure their phishing emails around things that look like they need to be clicked - I've seen a lot of phishing emails that purport to be from the reader's bank (I've gotten a few of these, all mimicking banks I don't use) telling them that fraud has been detected on their account or that there's some other urgent issue threatening their money. A lot of people will click these things without even giving it a second thought because to them, it looks like their life savings/credit score are at stake.