Directive Blogs
Be Wary of Hackers’ Psychological Attacks!
There's a computer security threat so menacing that not even the best security technology can stop it. It's called psychology, and it's used with email phishing scams to trick users into overriding their security solution. The only way to stop this threat is with common sense, and unfortunately, there's no app for that.
It seems like hackers utilizing phishing scams all have degrees in psychology. They understand the human mind very well, and they use this knowledge to exploit their victims. In order to get you to click on a link in the phishing email, hackers will draft their message to play on your fears, desires, needs, and a host of other aspects that motivate human beings.
Essentially, a phishing scam is all about getting a rise out of you. It's the hackers' hope that you will come across their message and an emotional connection will be made. They expect you to react illogically and do something that you know you shouldn't, like download the attachment to a strange email. When you are in your right mind, you have the willpower to resist the scam's lure; but when you're charged up after getting an email about the poor and starving orphans, all common sense is tossed out the window and you select "override," even when your security software warns you of the risk.
One recent example of this was hackers exploiting people's fears regarding a chaotic situation that they themselves created. Last December, it was revealed that hackers stole credit and debit card numbers from over 40 million customer accounts from the major retail store Target. Hackers who understand the human psyche interpreted this hot news story as a goldmine to further victimize those who had already been defrauded, which is a total slimeball thing to do.
A scam like the Target hack is especially appealing for hackers because there are so many people worried about it, including anybody that has ever shopped at Target. When you first learned about the hack, did you panic and immediately check your credit card statement for fraudulent purchases? If you did, then there's a special phishing email made just for you.
Knowing that there would be millions of worried Target customers on the Internet, psychologically savvy hackers created a phishing email just for the occasion offering financial protection from hackers. If you were already emotional and panicked about Target's breach, then hackers wanted to exploit this so that you would immediately click on the links contained in the email--even though everybody knows that actions like clicking links in unsolicited emails are how the worst computer viruses spread.
This scam on top of a scam prompted Target to issue a warning to their customers on their website regarding phishing emails targeting customers' sensitive information: "Be wary of scams that may appear to offer protection but are really trying to get personal information from you. If you have any suspicions about the authenticity of an email or text, do not click the links in it. Please go directly to the sites you need to access."
When it comes down to it, security technology updates will always be one step behind hackers because hackers always look for new vulnerabilities and exploit them with psychology. The best thing you can do to protect yourself and your business from phishing scams is to simply avoid emotional clicking.
When you get worked up about an unsolicited email, take a step back and clear your head. You will then be able to approach the email logically and realize that there's something fishy about the phishing email. Only with a clear mind and a proper understanding of how hackers operate can you overcome hackers' psychological tricks.
Of course, there is still immense value in having security solutions like enterprise-level email spam filters from Directive, and it's vital that you and your staff are trained to know what to look for in a phishing scam, but the security solution that works best is a clear head. Call Directive at 607.433.2200 to protect yourself from the worst of the web.