How Your Brain Is Affected by Phishing Scams
A recent study says that people are more mindful of online safety issues than experts had previously believed. An article on phys.org says that Nitesh Saxena, PhD, wanted to know what goes on in users’ brains when they come upon malicious websites or malware warnings.
Study subjects were asked to tell the authentic login pages of popular websites from phony replicas. In a second task, they read news articles and had to differentiate between harmless pop-ups and pop-ups with malware warnings.
The fMRI scans showed brain activity as it corresponded to the users’ online activity: attention, decision-making and problem-solving. The images lit up for both tasks, but of course, fMRI can’t tell if the user is making the right decision.
That aside, users were accurate 89 percent of the time on the malware warning task. When users were met with malware warnings, the language comprehension area of the brain lit up. Saxena states in the phys.org article, “Warnings trigger some sort of thought process in people’s brains that there is something unusual going on.”
The accuracy rate for telling an authentic website from a phony one was just 60 percent. Saxena believes this might be because users don’t know what to look for. For instance, they don’t know to look at the URL, which can give away a phony site.
This study also had the participants complete a personality evaluation to measure impulsiveness. The fMRI images revealed differences based on impulsivity. Saxena says there was a “negative correlation” between brain activity and impulsive behavior. The impulsive user is prone to hastily clicking “yes” to proceed when a malware warning pops up.
There was less brain activity in the key cerebral areas of decision-making in the users who had greater degrees of impulsivity.
This study has potential applications for the improved design of malware warning systems. These results can also assist company managers by identifying impulsive workers who need stronger online security training.