Phish in a Barrel

Cyber attacks target the most vulnerable.

Somewhere in cyberspace, someone is creeping on your Facebook page, studying your LinkedIn account, scoping out your company’s website, and Googling your name. Using information you trust, she is crafting the perfect email, and it’s headed for your inbox. In one click, a split second, you hand over the keys to your little kingdom: passwords, retirement accounts, credit cards. What if this personal crisis became a national crisis? What if you are a top-level politician or the CEO of a multinational corporation? In that case, the livelihood of millions might be at stake, or democracy threatened.

In their interdisciplinary research on phishing, University of Florida Professor of Psychology Natalie Ebner and Professor of Electrical and Computer Engineering Daniela Oliveira have found that older adults are particularly vulnerable to phishing. Those who are leaders of industry or politics are favorite targets for phishing attacks, particularly what’s known as spear phishing — a form of social engineering that uses deception to get someone to reveal personal or financial information, which can then be used fraudulently.

portrait of sweet womanNatalie Ebner

“Cognition alone does not explain why individuals fall for social engineering attacks.”

Older people are high in crystallized intelligence, which is based on experience and ability to see the big picture. But fluid intelligence — how fast our brains process information and how our memory works — declines with age, and that can make older adults susceptible to spear phishing. Ebner’s and Oliveira’s research groups study how susceptible people are to weapons of influence in social engineering. “Cognition alone does not explain why individuals fall for social engineering attacks,” says Ebner. “In fact, our data suggest that low self-reported positive affect, such as feelings of unhappiness or loneliness, constitutes another risk factor, particularly in the oldest individuals.”

Social media, the outlet for manufactured happiness, can be a social engineer’s best friend. Things that seem innocuous, such as employees taking pictures of their cubicles and coworkers, or posting pictures that contain company badges, or clients tagging a company on Twitter or Facebook, provide fodder for phishing attacks. This blending of personal and professional social media works to the social engineer’s advantage.

“Older adults often occupy positions of power in organizations and politics, and thus online deception of these individuals can result in negative consequences with broad societal impact,” Ebner says. Research shows that sensitivity to deception decreases as people age. As people become more trusting, they become more vulnerable.

Read more at UF News.


To support the people, program, or research featured in this story, please visit

Psychology Department Fund

Dean’s Fund for Excellence