Phishing: that uncontrollable human urge to click without thinking

phishing

Raise your hand if you never had a close encounter with a suspicious e-mail. Or if you never met someone who has fallen into the trap of phishing. And yet, in spite of widespread knowledge, the theft of sensitive information continues to grow exponentially. Ransomware attacks continue to affect organisations of all sizes, with a high success rate. So much so that according to a recent FBI report, phishing and its variants, such as Vishing, Smishing and Pharming, are by far one of the most widespread and successful computer crimes.

But what makes this type of scam so insidious? Certainly the continuous evolution of cyber crime techniques. But, above all, the unstoppable human impulse to click immediately without first counting to 10.  This is a behaviour that, in general, in front of a monitor and a keyboard, can have serious consequences. In short, clicking on a link takes a moment, but it can take a long time and a lot of money to repair the damage that can result from this action.

Cybercriminals are well aware of this and are aware that the key to their success lies in their ability to manipulate a person into performing specific actions. Despite what you might think, it is not only inexperienced users who fall into the trap, but also those with more experience, precisely because they move and act with more ease and repetition.

The 5 traps of Phishing: Let’s get to know them

Phishing attacks are created to induct people to act before thinking. To do so, hackers use some very efficient tips. Let’s learn more about them.

  • The reliable source  – one technique is to make the reader of the e-mail feel safe. Phishing campaigns very often use false identities and famous brands as sender. Microsoft has repeatedly come out on top as one of the favourite fake brands of cyber criminals. Netflix and PayPal also topped the list.
  • The unresistable click – 79% of people claim to be able to recognise a phishing e-mail, although in reality the percentage of people who click on a link in a suspicious e-mail is still very high. One of the reasons for impulsive clicking is probably related to the habit of using simple and intuitive applications. Clicking has become almost a Pavlovian response when an e-mail contains a link.
  • The simple actions – The lack of thought before performing an action is often also related to the simplicity of the task to be performed and its repetitiveness. This leads to many clicks without thinking too much about the possible consequences. If the task to be performed is work-related, it is even more likely that the click will be made, triggering the phishing attack. It is no coincidence that repetitive and recognised activities, such as resetting passwords, are a favourite with hackers.
  • The urgency – Phishing e-mails often contain a kind of conditioning to induce people to click automatically. They are often linked to a deadline or the need to perform a certain action, such as paying a bill. Some phishing campaigns, those that target a specific individual (spear phishing), are based precisely on the emotional pressure. For example the pressure that a CEO can generate if he sends an e-mail to the accounting department with an urgent request to transfer money to a bank account. The CEO’s account has, of course, already fallen into the hands of a cyber criminal and the accounting department cannot help but fulfill the task.
  • The work overload – A study of hospitals targeted by phishing campaigns concluded that overworked staff are the most likely to click on a phishing link. If you don’t have time to think, the response is more likely to be automatic.

“A simple click is all it takes’, we frequently read on the web. But a click can be a weapon for ourselves and the company we work for. Interrupting the automatic click is essential to counteract cyber techniques and phishing success.

It is only possible to acquire the necessary awareness to move around the Internet more safely with the right training and education to acquire a hacker-proof digital posture.