Phishing attacks often seem rudimentary. With their spelling and grammar errors, blurry replicas of company logos and conspicuous twists on sender names, they should be easy to spot, shouldn’t they?
So why is it that, instead of dying down, phishing attacks are on the rise?
Why is it that phishing emails are more likely to cause a breach than any other form of cyber attack?
Why are phishing attacks successful?
Phishing emails rely on psychology
Dig beneath the skin of a typical phishing email and you’ll soon see it isn’t as “rudimentary” as it might first appear.
Phishing emails – even the most haphazard – invariably aim to manipulate recipients psychologically. Criminals are fully aware of the power of psychology, and know that if their emails tick certain boxes there’s a chance they’ll lure victims in… no matter how poor their speelling and grammer.
Phishing emails might play on the human desire to help those in need, for example, which you can see in emails purporting to be from a distressed friend in need of help.
Or phishing emails might take advantage of the human tendency to obey authority – which explains the crime known as CEO fraud. CEO fraud is disturbingly simple: criminals purport to be a figure of authority, such as a CEO, and do little more than demand accounts departments transfer large sums of cash. Occasionally, thanks to their desire to obey, accounts departments comply.
Elsewhere, around sales such as Black Friday, criminals build scarcity into their phishing emails. Commitment, consistency, social proof, rapport: criminals routinely use these known weapons of influence in their phishing emails to encourage recipients to take some extraordinary actions.
So phishing emails might be filled with spelling errors, typos and inconsistencies… but they can (and do) still influence people’s behaviour. Because, more often than not, it’s psychology that explains why phishing attacks are successful.
Empowering people to defend against phishing
Fortunately, when you know why phishing attacks are successful, you can begin to reverse the trend – and even use psychology to counter threats such as phishing.
CybSafe, for example, is developed in collaboration with psychologists and behavioural scientists. It uses pioneering research from leading academics to ensure people take a genuine interest in cyber security and respond to attacks in the appropriate manner. In doing so, the platform empowers people to spot and shut down phishing attacks at source, ensuring the attacks can do no damage.
In some security circles, people are routinely seen as a cyber weakness. At CybSafe, we actually think the opposite is true.
Clearly, engaged people who actively prevent cyber attacks are far from a weakness.
When properly empowered, people are our ultimate cyber defence.