“Congratulations! You have just won 30 million euros – follow the link to grab it!”, said the message I received last week. Honestly, it was too good to be true. However, manipulating human emotions is what cyber attackers do. The methods they use are borrowed from practical psychology and fall under social engineering. Playing on human feelings, fears and reflexes allows cyber criminals to gain access to the information they are looking for.
When creating phishing email messages, attackers have two main goals: to obtain the user’s password or to get the user to download a certain file. Unfortunately, the level of user awareness about modern cyber threats is still rather low. In this post I will describe the basic techniques to help you recognize a trap.
When you work hard, you receive and reply to tons of emails every day. It can be difficult to focus on every message, whether you work in the office or from home.
You get an email message that contains an attachment or a link in its body. Lack of attention, especially when reinforced by respect for authority, can persuade you to open the document without checking it twice.
Our digital profiles are as precious as gold for us. Business and personal data, access to social networks and online banking – it is all online. Anybody would be scared to have their money, data and reputation compromised.
Fear, especially when boosted by a sense of urgency, makes ordinary users rush to change their passwords straight away by clicking the link in the email. Unfortunately, the link leads to a phishing web page that looks identical to the real one.
The pandemic and the current economic situation also increase human fears. In this scenario attackers send mass phishing messages simulating notifications from the national health system (especially in this period), judicial or executive authorities, tax offices, etc. Fear can override rational thought and trigger the user to react emotionally. That is exactly what the cybercriminal is waiting for.
You receive an email stating that some messages were not delivered due to server problems. What if you missed something important?
Many people are curious by nature and cannot resist the temptation to click the link, even if they have not sent any message recently. By the way, this is one of the most popular methods of conducting a phishing attack.
Oh no! It is never the right moment to receive such a message. Especially if you are in a hurry, accomplishing a few urgent tasks while attending a call with colleagues.
Following the link, you may even find your login already filled in, so you just enter your password and… you get hacked!
Learn more about how you can train non-IT teams inside your organization to recognize attempts to manipulate human emotions, alongside the other basics of cyber security awareness.