If you think you could never fall for a cyber scam or a phishing attack, you may actually be increasing the odds that you will be susceptible to this type of crime. A recent study conducted by a team of researchers from the NYU Department of Psychology and the NYU Tandon Department of Electrical and Computer Engineering reveals that those who feel less likely to be taken in by such scams seriously underestimate their vulnerability to such risks. This overconfidence in one’s own ability to detect scam can cause us to overlook data, or “base rate information,” that could otherwise help us recognize and avoid risk.

As published in the journal Comprehensive Results in Social Psychology in May 2020, this effect is partially explained by “differences in how we use base rate information, or actual data on how many people are actually victimized by such scams,” notes co-author Quanyan Zhu, an associate professor at Tandon and a member of the Center for Cybersecurity. “We avoid it when assessing our own behavior, but use it in making judgments about actions others might take. Because we’re less informed in assessing our actions, our vulnerability to phishing may be greater.”

The study has been covered in a number of media outlets, such as The Ladders, Science Daily, and the British Psychological Society Research Digest. The article, which was co-written by Emily Balcetis, an associate professor in New York University’s Department of Psychology, and E. Blair Cox, who is research laboratory manager of NYU’s SPAM Lab, can be read here, or a press release summarizing the work can be read here.