40% of Facebook Users click on the Malicious Links

According to a study conducted by Friedrich-Alexander University (FAU) of Erlangen-Nuremberg, Germany, about 40% users are susceptible to Facebook phishing and 56% of the email recipients click on phishy links from unknown senders. As per the study, it is the curiosity which drives them. Links titled like “Amazing Birthday Pictures” or so can easily invoke curiosity among Facebook users and make them click it.

The study led by FAU Computer Science Department Chair Dr. Zinaida Benenson, were released at the Black Hat 2016 conference. The entire study was divided into two sub-studies or experiments in which the the researchers sent fake messages, under false names, to about 1,700 FAU students. These links were sent on Facebook and through Email. The messages were signed with one of 10 of the most common names for the target group’s generation. Further the messages sent on both Facebook and the email were laced with a link and text that served as a click bait. In this study the text was titled “Photos from a New Year’s Eve party?! Bring it on!!”. It was done for the purpose of “Social Engineering”.

Once the user clicked on the bogus link he was taken to an altogether different page that displayed the message “Access Denied” which enabled the researchers to measure the rates at which the targets clicked through. Afterwards the test subjects were sent a questionnaire asking :

1. Asked them to rate their own awareness of security.
2. Explained the experiment.
3. Asked them why they did or didn’t click on the link.

In the first sub-study the subjects were addressed by their first names while in the second study they were not addressed by their first names but instead were fed more information about the party where the photos were supposedly taken. Adequate care was taken to address the issue of bogus profiles.

The results of the two studies:

• In the first study 56% of the email recipients and 38% of the Facebook message recipients clicked on the links.
• In the second study, 20% of email recipients clicked through, while the percentage of Facebook users who clicked went up to 42%.

The conclusions of the study are quite clear. Firstly, the subjects can more easily be socially engineered to click on suspicious links by raising their curiosity. Secondly, the email recipients are more likely to click when they are sent an email which is personally addressed to them by their first name. A good number of Facebook users also fall prey to this. But less people are likely to click on the link in their email when it is not addressed to them by their first name. However on Facebook, more users will fall prey to curiosity which is raised by making the text attractive.