Spear phishing psychology

[harlan4096]

When speaking about vulnerabilities, we generally mean coding errors and weaknesses in information systems. However, other vulnerabilities exist right in a potential victim’s head.

It’s not a question of lack of awareness or neglect of cybersecurity — the way to deal with those problems is more or less clear. No, it’s just that the user’s brain sometimes functions a little differently than IT security gurus would like, under the influence of social engineering.

Social engineering is essentially a fusion of sociology and psychology. It is a set of techniques for creating an environment that leads to a predetermined result. By playing on people’s fears, emotions, feelings, and reflexes, cybercriminals can gain access to useful information. And it is largely this “science” that lies at the heart of most of today’s targeted attacks.

Four main feelings that scammers prey on:

• Curiosity
  
  
• Pity
  
  
• Fear
  
  
• Greed
  

It wouldn’t be right to call them [i]vulnerabilities[/i]; they are simply natural human emotions. Perhaps a more apt description would be “channels of influence” through which manipulators try to sway their victims, ideally in such a way that the brain is actuated automatically, without the application of critical thinking. To achieve this, cybercriminals have plenty of tricks up their sleeve. Sure, some ploys work better on some people than others. But we decided to take a look at a few of the most common, and explain exactly how they are used.

Full reading: https://www.kaspersky.com/blog/phishing-...ogy/25440/