AMES, Iowa – The sheer number of phishing scams that bombard our inboxes is an indication of the success scammers have in deceiving people through electronic communication. It is such a prevalent problem that some businesses are now taking action to defend against the scams by sending out fake phishing emails to educate employees who respond.
Joey George, John D. DeVries Endowed Chair in Business and a professor of information systems at Iowa State University, says our reliance on email and text messaging makes it harder to detect deception compared to personal interactions. This is especially true if the source appears credible.
“If a source seems to be reliable and honest, whether it’s reliable or not, it’ll be seen as honest. If it seems sketchy or suspicious, it’ll be judged as dishonest, whether it’s honest or not,” George said. “Even if someone is the most honest person in the world, but they come across as a little questionable, whatever they say, we’re not going to believe.”
Detecting deception is often easier through face-to-face communication or talking over the phone, said George, who recently received the Association of Information Systems’ LEO award for Lifetime Exceptional Achievement in Information Systems, for his work in the field. But traditional indicators, such as changes in pitch or long pauses in conversation, are of little help with email or text messages.
There are some textual indicators, such as the use of the word not or other negative terms, that can help detect deception, George said. Language errors, brief responses and overuse of the passive voice are other indicators of dishonesty. However, if the message appears credible, that often outweighs any red flags in text, George added.
Human resources application
Defending against phishing scams is not the only action businesses are taking to detect deception. In the human resources arena, deception is also a concern when hiring employees, George said. Several of the large hiring firms make initial contact and conduct interviews online.
While this online communication is convenient, it also presents some challenges. George says it is not uncommon for people to lie on their resumes – which can range from a slight exaggeration in job responsibilities to falsifying credentials – and it often goes undetected. Computer-based interaction makes it even more difficult to detect.
In general, people are only as good as chance in knowing when someone is lying. Training can improve that rate, but only slightly, George said. In a study published last year in the journal Computers in Human Behavior, George and his colleagues found that employees trained on cues of deception were more likely to question the sender’s credibility when communicating by email. While that paid off in some cases, it also increased the number of false alarms, George said.
“It’s never the case that you can train somebody to be 100 percent correct. You can move the needle a little bit in making people better at detecting deception, but you do that by making them more suspicious,” George said. “Businesses need to understand the training comes with a price.”
George says businesses must decide if they prefer human resources employees to be better than average when detecting deception. If they train them to be better, there is a risk of being wrong in some cases. The cost of investigating false alarms may not be worth the potential benefit, George said.
Responses to specific questions about work experience or examples of ethical dilemmas can give some insight as to whether a person is being truthful. George says if an interviewee tries to distance himself from an issue or deflects responsibility, that is a red flag.
For example, an interviewer may ask the applicant if he or she has ever been tempted to commit fraud. If the interviewee does not give a direct answer, but makes a general statement, that can be an indication of deception, George said.