.jpg?width=400&height=199&name=iStock-1284435908%20(1).jpg)
Employees who multitask are significantly more vulnerable to phishing attacks, according to a study from the University at Albany published in the European Journal of Information Systems.
“In real-world settings, users are frequently engaged in other digital tasks when a suspicious message appears, requiring them to momentarily interrupt their workflow,” the researchers write. “Under such multitasking conditions, phishing detection becomes a secondary, interrupting task that must compete for attention and cognitive resources.”
Attackers exploit fundamental human vulnerabilities to trick victims into clicking on malicious links or downloading malware. If users are aware of the hallmarks of social engineering attacks, they can build a healthy sense of suspicion that alerts them to these red flags.
“Key tactics used in crafting phishing messages include urgency, reciprocity, authority, scarcity, consistency, fear, and liking, all of which significantly heighten individuals’ phishing vulnerability,” the researchers write.
“Message framing is another critical factor. Messages that include gain or loss framing—emphasising potential rewards or the risk of loss—can make individuals more vulnerable, as humans tend to approach rewards and avoid losses….Additionally, emotional cues embedded in phishing messages, particularly those inducing positive valence and low certainty, have been shown to increase susceptibility.”
While it’s not feasible to ask employees to stop multitasking, there are measures that can increase their ability to detect phishing attacks during the course of their workdays. Security awareness training with realistic phishing simulations can help employees be more vigilant even while they’re busy. If employees know they’re going to receive simulated phishing emails, they’ll be more likely to spot the real ones.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Digital Information World has the story.
