Cybercrime's Newest Victim? KnowBe4 Challenges "Inaccurate" Study Labeling Neurotic Women More Likely to be Phish-Prone


A recent article detailed a study that says neurotic women are more likely to fall for internet scams. KnowBe4 founder, Stu Sjouwerman, says cybercrime does not discriminate, and everyone is equally vulnerable.

(TAMPA BAY, FL), Oct. 28, 2013 -- Phishing scams, designed to trick users into revealing confidential information, have become highly refined--scammers are now targeting high-profile companies, as well as individuals via social media sites (1). A recently-published Softpedia article detailed a study conducted by researchers at the Polytechnic Institute of New York University (NYU-Poly) which determined that women who--according to a personality assessment--were neurotic were most likely to fall for phishing scams (2). Stu Sjouwerman, Internet security expert and founder of Internet security awareness training firm KnowBe4, says the study was inundated with ambiguity and inaccuracies, making the results unreliable.

According to Sjouwerman, the IT community remains overwhelmed with falsehoods about cybercrime, and NYU-Poly's labeling of "neurotic women" as being more susceptible to phishing is yet another instance of misleading information being touted as truth.  Sjouwerman disputes the claim as false, and explains the prime mistakes that render the study inadmissible:

1. One hundred students from an undergraduate psychology class were selected and asked about their online habits and beliefs. They were also asked to rate the likelihood of having their passwords stolen, as well as other similar negative things that could happen to them online. In addition, they took a multidimensional personality assessment survey.

a. Why it is implausible: A sample of 100 people is not nearly a large enough number to create a true statistically significant sample. Furthermore, a group comprised solely of college students is far too homogeneous from which to draw valid results.

2. Subjects were sent phishing emails that promised them prizes in return for some personal information. The researchers made sure that the emails contained spelling and grammatical errors, as well as other clues that can usually help users determine whether an offer is legitimate or not.

a. Why it is implausible: Offering prizes is only a very small part of the whole gamut of social engineering. Far from sufficient testing was done to draw any kind of conclusions about why people really fall for phishing scams.

3. Seventeen percent of the students fell for the scam. Interestingly, the group had considerable computer knowledge. Most of the victims were women. However, researchers have determined that women who--according to the personality assessment they took--were neurotic were most likely to fall for the scam.

a. Why it is implausible: The real number of people falling for phishing scams, per Sjouwerman, is between 20 and 30%, and the clicks are evenly distributed between men and women. The real truth, per Sjouwerman, is that the subjects were not given sufficient and effective security awareness training.

"Businesses and individuals often think they're adequately protected against security threats because they have anti-virus software, but the reality is that cybercriminals can bypass that software by tricking you into clicking a link in a phishing email," says Sjouwerman.  "We are now in a time where we can no longer depend on anti-virus software to defend against attacks--security awareness training is the answer."

Sjouwerman's authority on cybercrime was cemented with a recent study conducted by Osterman Research, which specializes in conducting market research for IT and technology-based companies. End results of the research found that KnowBe4's security awareness training program not only increased confidence in employee capability to distinguish phishing attempts and malware, but also nearly tripled the chances of an organization decreasing its phishing problem.

As phishing and social engineering tactics became increasingly sophisticated and difficult to detect, KnowBe4 collaborated with Kevin Mitnick, once the "World's Most Wanted Hacker," and developed Kevin Mitnick Security Awareness Training, a product designed to help organizations defend against network insecurity.  But as cybercriminals constantly refine their techniques, KnowBe4 has announced that an upgraded Kevin Mitnick Security Awareness Training is in the beginning stages, and will be unveiled in 2014.  The program is interactive and web-based, and includes case studies, live demonstration videos and short tests.  The initial training session can be completed in 30 to 40 minutes, with follow-up phishing security tests to help keep employees on their toes.

KnowBe4 has over 300 customers, 42% of which are banks and credit unions, and has successfully reduced the rate of employees clicking on spear-phishing links by up to 80% or more.

For more information about KnowBe4 and its services, contact KnowBe4 online at www.knowbe4.com.

About Stu Sjouwerman and KnowBe4:
Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. He and his colleagues work with companies in many different industries, including highly-regulated fields such as healthcare, finance and insurance. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.

1.   Egan, Matt.  "McAfee: Beware of ObamaCare Phishing Scams."  Foxbusiness.com.  Fox News, 1 Oct. 2013.  Web.  14 Oct. 2013.  foxbusiness.com/industries/2013/10/01/mcafee-warns-phishing-scams-tied-to-obamacare-launch/.

2.   Kovacs, Eduard.  "You're More Likely to Fall for a Phishing Scam If You're a Neurotic Woman--Study."  N.p., 2 Oct. 2013.  Web.  14 Oct. 2013.  news.softpedia.com/news/You-re-More-Likely-to-Fall-for-a-Phishing-Scam-If-You-re-a-Neurotic-Woman-Study-387984.shtml.
