How do hackers get someone else’s access data and passwords? They ask for it. Flattery, dangerous curiosity or a misplaced willingness to help, especially in the run-up to Christmas, can be the door opener. HP names the six most common psychological tricks used by cybercriminals.
Social engineering attacks are the art of getting someone to do things they shouldn’t be doing. The attackers use deeply rooted mechanisms of the human psyche to manipulate their victims. They switch off healthy skepticism and tempt people into actions with far-reaching consequences. The psychological tricks are amazingly simple.
- Everyone is susceptible to flattery: Cybercriminals exploit human weaknesses such as vanity and pride. When employees post on social networks about their achievements or successes, hackers like to use this information to obtain sensitive data through flattery.
- Exploiting your willingness to help: Most people have a more or less strong urge to help others. Hackers take advantage of these noble motives. They use seasonal opportunities such as the pre-Christmas period, or invent an emergency in which they count on their victims being willing to help. For example, the attackers pretend to be stressed colleagues who are under pressure and urgently need support. Especially in large companies, there is a high probability that not all employees know each other, so they can easily be deceived about someone's company affiliation or skills. Calls for donations during the Christmas season are a popular tool for cybercriminals.
- Build up the pressure and stir up fear: In a stressful situation, people react differently, and critical questioning often falls by the wayside. The attackers take advantage of this and threaten serious consequences or possible penalties if the victim fails to act. A popular example is overdue fines in fake billing emails. Another method used by phishing scammers is to create artificial time pressure: With sentences like “Act now or an important project is in danger”, the attackers pretend to be superiors or authorities and thus exploit the natural hierarchy in companies.
- Focus on common ground: By citing supposed common ground, cybercriminals create the trust they need for their further activities. They refer to a recent conversation on a topic or to detailed information that theoretically only the person and their conversation partner can know. The attackers obtain this knowledge from eavesdropping attacks or social media accounts.
- Awaken curiosity: Human curiosity is still one of the surest things to capitalize on. Cybercriminals prefer to use current topics as hooks. Employees are promised explosive information or “shocking pictures” of current events if they click on the infected file attachment in an email.
- Promise a reward: Spam and phishing scammers try to appeal to human greed. Simple promises are sufficient for this: a reward or possible benefits, such as employee discounts. Especially at Christmas time, when providers advertise extremely cheap deals and many people want to grab them quickly while hunting for the perfect gift, the wave of fraud does not stop.
No one is immune to tall tales, manipulation, or flattery. Social engineering attackers use the information they have gained from eavesdropping or spying on social media. Once they have gained the trust of their counterpart, they try to penetrate deep into the company network with the help of malware-infected email attachments, compromised links, or sensitive data that the victim discloses.