The Psychology Of Phishing: The Danger Behind Some Emails
With the emergence of new technologies, and specifically the development of the Internet, everything around us has been adapting to this format. Criminal acts are no exception. Cyberattacks are quite common and take many forms: spyware, adware, worms, or Trojans. Another of the most common cyberattacks is phishing, which consists of stealing information through e-mail.
This type of attack is very dangerous, since cybercriminals impersonate people or companies and demand some action from users, such as opening a malicious file or filling in a series of data (banking or personal), always to the criminals' benefit. In addition, it is a method capable of infecting many people very quickly. It is estimated that in 2019 there were more than 9 million attacks of this type.
Although a priori it may seem easy to identify these scams, and in many cases it is, criminals know how to craft them so that users fall into their nets. Their methods play on people's emotions and basic psychological processes, so that on numerous occasions the strategy is not recognized as deceptive.
Their social engineering
Cybercriminals design their scams based on insights from sociology and social psychology. Generally, all their tricks are set up to play on four emotions: greed, curiosity, grief, and fear. The combination of these emotions makes people react almost instinctively.
So, playing on those four emotions and taking other social behaviors into account, phishing cybercriminals have developed various tactics to get us to provide them with valuable information.
The three main behaviors they exploit to attack us are described next. How well each tactic works, however, depends on the personal characteristics of each individual and on their ability to pick out the signals that can serve as an alarm.
Respect for authority
Generally, people have a tendency to follow orders or instructions, without question, from someone who has some prestige or power. That is to say, this cognitive bias causes them to ignore their own opinions or the consequences for a moment and to attend, mainly out of fear, to the orders given by that higher entity.
This authority figure can be a boss, an important state organization or even a company with a certain prestige. Thus, for phishing, criminals often use accounts that appear to belong to corporations or large businesses, requesting an action that may seem relevant. In this way, the recipient of the mail will assume at first glance that what they are reading is real, which gives them a sense of security.
Examples of this strategy are scams that have been carried out in the name of the Tax Agency, asking the recipient to follow a link with the false promise of obtaining a tax refund, or an e-mail from a senior manager of a company requesting that a file be opened for a new project.
The sense of urgency
This manipulation technique has been widely used in areas other than phishing, such as marketing. Basically, it consists of creating an emergency that forces the user to act quickly. This strategy generally relies on fear.
The mail that is received alerts the person with a warning of danger. For example, “you have a virus on your computer” or “someone has tried to access your personal account”. Another variation is to generate the need to be the first (“Only the first 50 people to register will get the prize”). At that point, the fear of missing the opportunity can cause us to buy or accept the proposal without considering other options.
That is, they provoke a fear that leads to a poorly considered, quick and irrational decision, ignoring aspects of the message that may be key. In addition, large, red words are usually included to heighten that feeling of danger. The problem is that even if you suspect it may be a hoax, you can still fall into the trap by trying to head off the danger in case it were true.
Automatic actions
There are many actions that we perform automatically, without being fully aware of them. They are usually the result of experience and repetition, so we switch to autopilot and stop paying attention. For example, clicking a big red button that says “click here” rather than a button that is less noticeable.
In this sense, phishing criminals take advantage of these automatisms to make us fall into the trap. They may ask us to resend an email that, apparently, has not been sent, or give us the false option of not receiving more emails from that account, when in reality none of the actions they request are real.
This type of strategy is effective and dangerous, since these are apparently innocent actions that we are used to doing. The criminals play on this, knowing that with this type of task our attention is diminished and we unconsciously pick out only the striking information. That is, we ignore the details and make decisions without analyzing them closely.
How to avoid the trap?
Of course, there are people who know how to detect this type of deception better than others. But we are all potential victims. Therefore, to avoid being scammed, it is necessary to be aware of the possibility of danger, so that the entire e-mail or message is read more consciously. If the sender is not known, try to find out if the email account is real.
And, above all, you have to try not to react quickly and to stop and think about the consequences, about whether the message is relevant, and about whether it is usual for such matters to be communicated in that way. That is, take a moment to think about what was meant and try to spot signs that might be suspicious. In addition, it is important to notify the authorities so that the phenomenon does not cause harm to other people.