Half of small and medium-sized businesses in the UK have suffered a cyberattack in the past year, and 54% of attacked businesses have suffered a financial loss as a result. Most of these businesses were targeted with ransomware or phishing, which are often used as a means to distribute malware.
We’ve all heard about these online scams. Our long-lost aunt left us £1 million in her will, and all we have to do is click on the link to receive the money. This is a terrible email. Many of us think it’s funny, but how can people be fooled by something so simple?
How do cybercriminals actually get away with phishing, BEC scams, or other seemingly simple online scams? Unfortunately, scams aren’t as easy to identify as we think. The reality is that many people fall for scams. Many cybercriminals use a variety of tactics to exploit our psychology and habits, easily fooling even security-conscious employees into making mistakes. Successful scams depend on hitting the right target at the right time, and the fact that phishing emails and fake websites are becoming increasingly convincing doesn’t help.
How does the Internet enable cybercrime?
What many people don’t realize is how much the Internet actually facilitates cybercrime. The World Wide Web has created important opportunities, allowing people to connect around the world, but it also facilitates illegal and anonymous online activity.
The Internet allows people to act more confidently because they can hide behind a curtain of anonymity. Similarly, cybercriminals use this to create different personas to deceive their victims. They may use the Internet as a safety blanket to hide behind and present themselves as authoritative or trustworthy. Also, the lack of physical presence and contact makes it easier for attackers to feel disconnected from their crimes and their victims. This means that attackers are no longer afraid of getting caught, and instead become bolder in their actions. Add to this the general lack of regulation and the fact that the internet is expanding the victim base for criminals, and we have a perfect storm.
Co-founder and CEO of CyberSmart.
How do cybercriminals exploit us?
Moreover, threat actors are well aware of our all-too-human weaknesses and are quick to exploit them for deceptive schemes. One way is to create a sense of urgency. This is seen in phishing attacks, where threat actors create fake “emergencies” that require quick action, such as a friend or family member needing money for medical bills or other financial support. It can also look like a chance to win, or a claim that you have already won, a prize, usually a large sum of cash. The time pressure causes victims to panic, lose their sense of logic, and end up clicking on malicious links or entering their personal information on fake websites.
Additionally, the online personas created by cybercriminals often appear very personal, leading victims to idealize the stranger behind the avatar. This situation is further exacerbated by the large amount of information found online (e.g. on social media platforms), which cybercriminals can use to create more targeted attacks. For example, instant messaging allows cybercriminals to exploit the emotional heuristic cognitive bias (the human tendency to be overly influenced by emotions). They know exactly how to build rapport with their victims very quickly, falsely gaining trust and coaxing victims into disclosing personal and confidential information without much prompting. Similarly, they can use familiar names or logos to make emails seem more legitimate, taking advantage of victims’ tendency to respect authority, or bias towards authority. As a result, victims become less critical and tend to act more impulsively. An example of this was seen in the impersonation of the World Health Organization (WHO) surrounding the pandemic. This scam was so widespread that the NCSC had to issue a warning and alert the public.
Other cognitive biases that can influence an individual’s response to fraud include decision fatigue, choice overload (individuals being overwhelmed with decisions, information, and communication), anchoring, and herd mentality. Anchoring can lead employees to focus only on new information being shared, such as the latest threats to be aware of, and to overlook other signs and dangers. As a result, they may not expect to fall victim to what appears to be a simple scam. Herd mentality risks causing employees to follow the crowd when it comes to lackluster security practices. For example, sharing passwords or valuable information may not seem so dangerous if other employees have done it and haven’t had a bad experience.
How can psychology help improve cybersecurity?
But not all hope is lost. While cybercriminals can exploit our psychology to carry out their plans, we can also take the time to understand our own psychological tendencies and better protect ourselves.
By understanding how deception affects human decision-making, small businesses can develop better protections and response plans. It’s a good idea to start regular security awareness training so that employees can spot the telltale signs of phishing and BEC attacks. Additionally, leaders should use self-efficacy and response effectiveness to encourage employees to become more security-aware. Self-efficacy refers to an individual’s ability to respond to threats. Leaders can use positive reinforcement and encouragement to increase employees’ confidence in how to respond to potential fraud. One way to accomplish this is by giving public recognition for successful work. Response effectiveness relates to the training and controls used to respond to threats within an organization. These must be easy to use, high quality and timely to improve the user experience.
Additionally, it’s important for small businesses to understand the basics of good cybersecurity. One way to do that is by becoming certified in Cyber Essentials. It is a UK government scheme that covers the basics of cyber hygiene and helps businesses protect against 98.5% of the most common cyber threats, particularly those aimed at deceiving and manipulating their target.
In the physical world, interactions include cues, expressions, and behaviors that help others understand potentially deceptive intentions. This is not the case in the cyber world. That’s why it’s so important for individuals and organizations to understand what digital cues to look out for that could indicate illegal activity, potential attacks, or fraud.