Most of us know it’s dangerous to click on a link from an unknown sender, but that doesn’t stop us from doing it. In a recent study conducted by Germany's University of Erlangen-Nuremberg (FAU), up to 56 percent of email users and 42 percent of Facebook users clicked on a link sent by an unknown sender, despite the fact that 78 percent of participants claimed they were aware of the risks associated with unknown links.
In order to gauge what drives people to click on potentially dangerous links, FAU professor Zinaida Benenson and her team emailed or Facebook messaged 1700 FAU students, using a fake name. In their first experiment, researchers addressed the study’s unknowing participants by name, then provided a link which they claimed contained images taken at a party the previous weekend. In their second experiment, researchers didn’t include participants’ names in the message, but included more details about the party (it was a New Year's Eve party). If participants of either experiment clicked on the link, they were sent to a website that revealed an error message but logged their clicks.
In the first experiment, 56 percent of email users and 38 percent of Facebook users clicked the link, while in the second experiment, 20 percent of email users and 42 percent of Facebook users clicked on it.
Researchers then sent out a follow-up email with a questionnaire and description of the study. They questioned participants about their knowledge of online safety and security, and asked them why they clicked on the link. Though the majority of participants claimed to know that mysterious links can be risky, they said they clicked the links anyway out of simple curiosity.
Researchers say the study shows how easy it is to trick people into opening dangerous links, and serves as a reminder to be careful what you click on. “I think that, with careful planning and execution, anyone can be made to click on this type of link, even it’s just out of curiosity,” Benenson explains. “I don’t think one hundred percent security is possible. Nevertheless, further research is required to develop ways of making users, such as employees in companies, more aware of such attacks.”