Why phishing is so effective and how people not recognizing deceptions depending on factors such as emotional intelligence, and even the personality of the victim.
According to research from Google and the University of Florida, phishing is so effective because it takes advantage of people not recognizing deceptions depending on factors such as emotional intelligence, cognitive motivation, mood, hormones and even the personality of the victim.
Getting someone to click on a malicious link in an email and entering private information like a password is the most important skill in many hacker toolkits. This so-called phishing is the most common form of cyber attacks and is used more and more often.
When retrieving login data, hackers skillfully exploit the fact that people do not recognize delusions based on factors such as their emotional state and motivation. But still few users know how to protect themselves.
“We’re all prone to phishing because it’s tricking the way our brains make decisions,” said Daniela Oliveira, associate professor at the University of Florida, in early August at the Black Hat Cybersecurity conference in Las Vegas. The problems start with the fact that, according to Oliveira and Google researcher Elie Bursztein, 45 percent of Internet users do not even know what phishing is.
Happy, but not alert
The mood also plays a role. People who feel happy and not stressed, recognize fraud less often. The stress hormone cortisol increases alertness, making it more likely to detect a delusion. By contrast, the hormones serotonin and dopamine, which are associated with positive emotions, can lead to risky and unpredictable behavior that makes people more vulnerable.
Phishers can also write exceptionally good news to persuade a person to click. In addition, authority is one of the most common and effective weapons – for example, an e-mail allegedly sent by the company’s managing director, prompting an employee to provide information by clicking on a link. Another tool in the arsenal of phishers is to set up a profit-loss account and, for example, lure it with a refund option from Amazon.
Some of the most eye catching phishing emails play with emotions. After the devastating and record-breaking California forest fires in 2018, Google witnessed a wave of emails asking for donations for the victims. Emotional evidence, such as the promise to raise funds for the homeless, hampered the recipient’s ability to focus on evidence that the email could be a deception. By triggering this emotional reaction, the hackers made people turn off their skepticism.
Phishing protection: two-factor authentication
This does not mean that the only defense against phishing is being constantly stressed out and cynical with anger. Healthier and more effective is the activation of two-factor authentication for each of your important signups, such as email, online banking, social media and shopping sites. However, according to Google 2018, less than ten percent of users had enabled two-factor authentication for their accounts.
If this function is activated, you will be asked for a code that is sent via SMS or for a code from an authentication app. According to experts, the safest method is a physical security key on a USB stick, as hackers without it can not log into third-party accounts even if they have inadvertently given them their password in a phishing attack.