September 6, 2021
Hacking computers, hacking networks, hacking people. Yes, people. And not just any people, but your people. Bob in sales, Gemma who has the corner desk, even you. Cyber criminals have gotten wise to how the human mind works, which means they are preying on our fears, doubts, and uncertainties, and making a lot of money out of it too.
Social engineering is a type of cyber attack that manipulates and exploits our insecurities, and such attacks are on the rise. You may be aware of the onslaught of phone calls from bogus numbers in recent months, as phone scammers use sophisticated techniques to peel our money away from us and access private information. These “human hacking” scams convince us to part with details which can influence malware attacks, or encourage us to expose data.
It’s a clever system, really, when you think about it: hackers exploit our own knowledge and use what we share against us. They navigate our emotions and vulnerabilities, leveraging psychology to open the door to our bank accounts and to our organisations. Covid-19 has added to the rise of social engineering scams, as scammers explore our weaknesses driven by fear during an already significantly stressful time.
Jenny Radcliffe, the Founder and Director of Human Factor Security, a social-engineering-focused cybersecurity firm, says:
“Criminals use the fear, the uncertainty, and the doubt—or FUD as we call it in the business—to create this atmosphere of uncertainty in people’s heads. In that atmosphere it seems easier to click on a link. It seems like an easy way out, and something we can do to get rid of this state of cognitive disarray.”
These hackers build up our trust, isolate us from our rational thinking, and obscure their intentions. And they do so expertly. These scams work because the people behind them know what they are doing, and they know how to manipulate the human mind.
The idea is to mislead us into behaviours which will make us vulnerable. The dialogue will manipulate our emotions and heighten our stress or enthusiasm levels. The issue at hand will also be time-sensitive, making us act abruptly and often unconsciously. And we trust them. Somehow, some way, they persuade us to have confidence in what they are saying.
There are so many forms of attack. There are phishing attacks through email, phone calls, text messages, search engines, or URL phishing. There are baiting attacks through email attachments or abandoned hard drives. And there are social engineering attacks which work by developing a relationship and a pretext. Anything which navigates your emotions and makes you vulnerable is potentially harmful.
If in doubt, ask yourself these questions:
· Are my emotions intensified?
· Is the offer too good to be true?
· Do I know where an email, text, or call is coming from?
· Are attachments or links suspicious?
· Are they really who they say they are, and can they prove it?
“To make your organization more secure—post, pre, and during this pandemic—the answer is, was, and always will be in people,” says Radcliffe.
Invest in the mindset of your people, and teach them to be aware of, and alert to, provoking attacks which could irreparably damage your business. Build a policy of one for all, and all for one, by making sure your employees know no one is to blame if defences are breached or lowered. These are sophisticated scams which need preventative measures. Be alert, ask questions, and ensure everyone knows the security policy in place to counter these cyber criminals.