Summary

The article discusses 6 personality traits that make people more vulnerable to phishing scams. These traits are:

  • Extroverted: Extroverts tend to be more trusting and less suspicious of others, which makes them more likely to fall for phishing scams.

  • Agreeable: Agreeable people are more likely to be empathetic and want to help others, which can make them more vulnerable to phishing scams that appeal to their emotions.

  • People-pleasing: People-pleasers are more likely to go out of their way to help others, even if it means putting themselves at risk. This can make them more susceptible to phishing scams that demand urgent action.

  • Quick to trust: People who are quick to trust others are more likely to fall for phishing scams, even if the message seems suspicious.

  • Fear of or respect for authority: People who have a strong fear of or respect for authority figures are more likely to be fooled by phishing scams that pose as authority figures.

  • Poor self-control: People with poor self-control are more likely to act impulsively, which can make them more vulnerable to phishing scams that demand immediate action.

The article also provides tips for staying safe from phishing scams, such as:

  • Pause before responding to any suspicious message. Don’t click on any links or open any attachments in a message unless you are sure it is from a legitimate source.

  • Investigate the source of the message. Look for misspellings or grammatical errors in the message, which can be a sign of a scam.

  • Think carefully before reacting to the message. Don’t feel pressured to act immediately. Take some time to research the company or organization that the message claims to be from.

  • Lvxferre
    link
    fedilink
    arrow-up
    12
    ·
    1 year ago

    The key trait here is #4, being quick to trust. Everything else is circumstantial and depends on the phishing attempt.

    Other hints that the text could provide:

    • Always ask yourself “why would they contact me?” and “why would they contact me here?” (here = email, phone message etc.) Those two simple questions make 90% of the phishing attempts smell like rotten phish.
    • Look for further info. Take the Nigerian prince scam for example, on its original form; would you take it seriously if you knew that Nigeria is a republic? (No.) A websearch like “nigeria wikipedia” is pretty much a no-brain.
    • upstream@beehaw.org
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Nigerian prince isn’t phishing.

      It’s just a scam, at least the ones I’ve seen.

      Definition of phishing:

      the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

      • Lvxferre
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 year ago

        Here’s a better example then:

        Same deal - why would the bank contact you, and why by email? And why websearching this “trustedbank” shows mostly results with a similar but never identical name?

        That said scam and phishing work rather similarly: both prompt you to act against your interests, to the benefit of someone else (who claims to be a third party), offering you either a reward for action or a punishment for inaction. The same scepticism that saves you from one will also save you from another.

        • upstream@beehaw.org
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Not disagreeing, but the article/study seemed only to be interested in phishing, as a subtype of scamming. Only reason I bothered to mention it.

          There are different tactics involved in the Nigerian prince example than in most phishing attempts.

          The Nigerian prince scam assumes you are a complete idiot, while most phishing attacks disguise themselves as legitimate stuff and often try to instill a sense of urgency, hoping that you act without having time to stop and think things over.

          Package related scams are for instance more common around seasons where people order lots of packages, increasing chances of hitting someone who’s waiting for a package.

    • towerful@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I will say that a good scammer will circumvent a lot of the “earning trust” stage.
      Through social engineering or just sheer luck, they will catch you at a time when your guard is down and they will manipulate a sense of urgency.

      “Hi mom, my phone fell in the toilet and I really need it for work tomorrow. I’m using a friends phone right now, all my bank access was on that phone. I’m so stressed. Can you send me $800 via (dodgy website) so I can buy a new phone and get to work”.

      Instantly hits on an emotional pressure point. Adds a huge sense of urgency, with good reasons for an untrusted number and a dodgy payment method, and makes it seem difficult to corroborate with the mom’s kid.

      “Hello, this is your real estate agent. Unfortunately there has been a complication with the purchase of your new house. Due to extra fees, $10,000 needs to be transferred to X by midnight, otherwise the banks will reject the purchase/mortgage/whatever. Sorry for the out-of-hours contacts, I’m currently in (city) on other business and not in the office”

      Another hugely stressful scenario. Massive sense of urgency with a disastrous deadline.
      People don’t buy houses every day, and may not be fully aware of the process. They might take this as an unexpected but legit part of the process.
      Obviously, this requires significant social engineering to set the scam up in the first place (knowing someone is buying a house and roughly when). But the payout can be significant.

      The biggest piece of advice I can give is:
      If someone is applying a sense of urgency on any decision: STOP.
      Take a breather, think about the scenario. And then contact “the person/company” via another way through means you research yourself.

      If it’s on the phone, ask for a case number, Google the company and phone them directly. By text or email, same thing. Find their phone number via Google.
      If it is legitimate, an extra 30m isn’t going to harm anything. Especially if you say “sorry about that, I wasn’t sure if it was a scam or not”.