Netvora logo
Submit Startup Subscribe
Home About Contact Submit Startup Subscribe

Experts: 9-Second Break Not Enough to Thwart Scams, Phishing, and Malware

Comment

Experts: 9-Second Break Not Enough to Thwart Scams, Phishing, and Malware

Netvora June 2, 2025 at 10:41 AM Security
Experts: 9-Second Break Not Enough to Thwart Scams, Phishing, and Malware

Experts: 9-Second Break Not Enough to Thwart Scams, Phishing, and Malware

By Netvora Tech News

A new awareness campaign is advising people to take a 9-second pause before clicking, downloading, or sharing to prevent scams, phishing, and malware attacks. However, security experts Bruce Schneier and Arun Vishwanath say this approach is not only unrealistic but also misguided.

The Take9 campaign, supported by numerous American organizations, urges people to take a moment to think before taking action. However, Schneier and Vishwanath argue that this advice is not feasible in today's fast-paced digital world.

A Realistic Approach

"A 9-second pause is an eternity for something routine like using your computer or phone," Schneier and Vishwanath pointed out. Additionally, it's unclear when exactly this pause should be taken, such as for every received message or every click.

The experts also question whether the campaign has been tested on real users. "I doubt they've tested this idea on actual users," they said.

The Problem Goes Deeper

Schneier and Vishwanath acknowledge that pausing can help break habits. "If we're habituated to clicking, sharing, linking, downloading, and connecting, a pause can help break that habit," they said. However, the problem goes beyond habits.

  • The problem is that people are unable to distinguish between legitimate and malicious activities.
  • It's not just a matter of taking a pause and thinking; people need to be taught how to critically evaluate information.

A More Effective Approach

A successful awareness campaign should take a two-step approach, according to Schneier and Vishwanath. First, it should instill skepticism and encourage users to look beyond the surface.

Only then can people be taught what to look out for and how to make informed decisions. "A successful campaign leads users through a two-step process: first, skepticism, and then, critical thinking," they said.

The Blame Game

The Take9 campaign also places blame on the user, implying that if they don't take a pause and make a better decision, it's their fault if an attack occurs. Schneier and Vishwanath argue that this is not only unfair but also counterproductive.

The blame game is one of the biggest mistakes in the security industry, they said. "The problem is that we've developed systems that are so insecure that normal, non-technical people can't use them with confidence."

Comments (0)

Leave a comment

Back to homepage

You might also like