Half web users click on links from unknown senders even though they know it could infect their computer with a virus.
New research reveals main reason for ignoring warnings about opening spam (here shamelessly soundtracked by Monty Python's Spam Song) from unrecognised sources is ... curiosity.
Research led by University of Erlangen-Nuremberg chairman of computer science Dr Zinaida Benenson reveals more than half email users are just too intrigued to ignore junk mail.
She and her team ran two studies in which they sent around 1,700 students emails or Facebook messages under a false name with fake posts promising pictures from a party the previous weekend in a link.
LOCAL NEWS: Taser used by South Yorkshire Police officers
As a means of luring their targets even more, messages signed off with one of the ten most commonly used names.
Fifty-six per cent of students fell for the fake emails and 40 per cent were tricked by the Facebook message, despite admitting they knew risks involved.
Dr Benenson said: "The overall results surprised us as 78 percent of participants stated in the questionnaire that they were aware of the risks of unknown links."
The two studies adopted different approaches to lure their targets. In the first, researchers addressed the subjects by their first names while, in the second, they did not address them personally but gave more detail about the photos - a New Year's Eve party the week before.
For the Facebook messages the researchers created public and private profiles. There were different results in each study. In the first study 56 per cent of students clicked on the link via email and 38 per cent via Facebook. In the second study only 20 per cent clicked on the link via email and 42 per cent via Facebook.
When asked why they clicked on the link, the large majority of participants said that it was due to curiosity about the photos or the identity of the sender.
Other users said that they knew someone with the sender's name or had been to a party the previous week where there were people they did not know.
Dr Benenson continued: "Conversely, one in two of the people who did not click on the link said that the reason for this was that they did not recognise the sender's name.
"Five percent stated that they wanted to protect the sender's privacy by not looking at photos that were not meant for them."
She concluded that most people can be easily fooled by fake messages. "I think that, with careful planning and execution, anyone can be made to click on this type of link, even it's just out of curiosity."I don't think one hundred percent security is possible.
"Nevertheless, further research is required to develop ways of making users, such as employees in companies, more aware of such attacks."