UTSA study shows how phishing scams thrive on overconfidence
(Jan. 9, 2017) -- A new study by H.R. Rao, AT&T Distinguished Chair in Infrastructure Assurance and Security at The University of Texas at San Antonio (UTSA), examines overconfidence in detecting phishing e-mails. According to Rao, most people believe they're smarter than the criminals behind these schemes, which is why so many fall easily into a trap.
"A big advantage for phishers is self efficacy," Rao, a UTSA College of Business faculty member, said. "Many times, people think they know more than they actually do, and are smarter than someone trying to pull of a scam via an e-mail."
However, phishing has continued to evolve with the internet. It's no longer strangers posing as troubled Nigerian princes looking to cheat the average person out of their credit card information. Instead, phishing e-mails often look like messages from companies ordinary people recognize and trust.
"They're getting very good at mimicking the logos of popular companies," Rao said.
The researcher was actually nearly caught up in a phishing scam last year, when an e-mail that appeared to be from UPS informed him that there was a problem with a package he had sent. Even Rao, a highly experienced cybersecurity researcher, nearly fell for the scam, as he happened to have recently mailed a package via UPS.
"In any of these situations, overconfidence is always a killer," he said.
Rao's study, which he collaborated on with colleagues from The University of Texas at Arlington and Columbia College, utilized an experimental survey that had subjects choose between the genuine and the sinister e-mails that he and his colleagues had created for the project. Afterward, the subjects explained why they made their choices, which allowed Rao to classify which type of overconfidence was playing a role in their decision-making processes.
"Our study's focus on different types of over-confidence is unique, and allows us to understand why certain tactics appeal to different people," Rao said. "It helps us to figure out ways to teach people to guard against these kinds of methods."
According to Rao, people will continue to be victimized by phishing scams until the public becomes better educated and, subsequently, less overconfident. He suggested citizen workshops or even an online game that would inform people of the newer every day dangers of the internet.
"Thousands of e-mails are sent out every day with the aim of harming someone or gaining access to their financial information," Rao said. "Avoiding that kind of damage is entirely in our own hands."
UTSA is ranked among the top 400 universities in the world and among the top 100 in the nation, according to Times Higher Education.
Read H.R. Rao's study "Overconfidence in Phishing E-mail Detection."
Learn more about the UTSA Department of Information Systems and Cyber Security.
Learn more about cybersecurity at UTSA.
The virtial event will feature undergraduate student research and creative endeavors from across the university. Students who have participated in research experiences beginning summer 2020 through Spring 2021 are invited to participate.Virtual Event
By participating in this training you will feel more prepared to recognize potential harm on a spectrum, decide how you would respond in certain situations and take action to keep our Roadrunner Community safe.Virtual Event
At UTSA, there are many ways to connect with others, gain relevant career experience, and leave your mark at a world-ranked university. With over 300 student organizations, there’s something for everyone at UTSA. Hear from various UTSA Students Leaders about their life as a Roadrunner and why UTSA is their new home.Virtual Event
This course is offered by UTSA's Employee Assistance Program EAP Deer Oaks. Every new beginning comes from something else ending, and in our ever changing world, it is essential to develop the ability topositively cope with change. This session provides participants with the insight to understand the nature of change and learn how to effectively deal with both the losses and the gains that change brings to one’s life.Virtual Event
On April 28, 2021, millions of people across the world will wear jeans with a purpose, support survivors, and educate themselves and others about all forms of sexual violence. To support this movement our donation drive will be items that we will be putting together to make Care Kits. These Care Kits are for students, faculty and staff to get in case of an emergency and they need to leave the situation they're in ASAP and do not have time to pack.Ximenas Ave Garage
ISD Saturdays are an exclusive opportunity for students at an ISD in San Antonio. Each event will group various districts together for each presentation date or session.Virtual Event
Floor captains play a critical role in emergency preparedness, safety awareness and crime prevention techniques throughout the university. They focus on safety and security initiatives while providing guidance and direction to building occupants. During emergency activations, they assist with required evacuations and reentry, shelter-in-place commands, interface with police and other first responders, and help those who may require assistancer.MyTraining Webinar