When I worked as a Principal Researcher at RSA Labs around year 2000, I was tasked to identify what might affect our revenue stream. “Anything,” I thought. Upon further reflection, I argued that criminals would start trying to steal passwords to gain access to accounts, transfer funds and steal information. This, of course, is what we now call phishing.
My colleagues weren’t convinced. “Nobody would be that dumb,” was the most common response.
Falling for phishing is not about being dumb, but rather about not paying sufficient attention. In either case, nearly 20 years ago, there was no evidence that people could be tricked, so I devised some experiments to test my hypothesis.
