Arun Vishwanath and H. Raghav Rao, both of the University at Buffalo, and colleagues say their study, "Why Do People Get Phished?", published in the journal Decision Support Systems and Electronic Commerce, is timely in light of the recent breach of online marketing firm Epsilon's database by hackers.
Phishing is the term for the tactic of using the names of credible businesses such as American Express, government institutions such as the Internal Revenue Service or well-known events such as the Beijing Olympics to get people to divulge their usernames, passwords and credit card details.
The senders of these malicious e-mails use statements invoking fear, threat, excitement or urgency to persuade people to respond with personal and sensitive information, the study says.
"Individuals need to be extra careful when utilizing a single e-mail account to respond to all their e-mails," the researchers say in a statement. "An effective strategy is to use different e-mail accounts for different purposes. If one e-mail address is used solely for banking and another is used solely for personal communication with family and friends, it will increase your attention to the details of the e-mail and reduce the likelihood of chance-deception because of clutter."