Skip to main content Text-only Version

The Psychology of Phishing

GRAPHIC: Phishing image with fishing hook grabbing email, other items from PC monitor

Students, faculty, and staff are taught the basics of phishing: to be mindful of misspellings, unrealistic money offers, and password requests. Scammers have transitioned from information-rich emails to more simplistic emails, but the goals remain the same:

1. Invoke fear

Often, “URGENT!” is included in the subject line to make potential victims act fast without thinking. This method was used in the recent phishing scam that targeted President Fuchs. It is common practice to target people who are required to respond to higher-level staff members such as organizational presidents, directors, and deans because they are afraid to disappoint their superior, regardless of the request.

2. Build trust

According to Webroot, approximately 1.5 million phishing websites are created each month. These fraudulent websites are embedded in emails that make you feel as if you are emailing with a person or a group known to you–like the UF Computing Help Desk. The goal is to get a potential victim to trust the message enough and invoke a response (i.e., a click.)  

3. Get information

A big misconception about phishing scams is that they only want money. In many cases, cybercriminals are interested in stealing company data (medical or student financial records) or intellectual property (research). Institutions like UF are targeted because faculty have advanced research that is internationally desirable.

If you suspect an email in your UF inbox is a phishing email or may contain a malicious link, then please forward it to abuse@ufl.edu.