The psychology of phishing attacks

Jun 24, 2022 | Technology

In cybersecurity, the human condition is the most frequent — and easiest — target. For threat actors, exploiting human targets is usually lower-hanging fruit than developing and deploying an exploit. As a result, adversaries often target the employees of an organization first, usually through phishing attacks.

Phishing is a social engineering attack where threat actors send fraudulent communications, usually emails, that appear to be from a trusted source and impart a sense of timeliness to the reader. The FBI’s 2021 Internet Crime Report analyzed data from 847,376 reported cybercrimes and found a sharp uptick in the number of phishing attacks, increasing from 25,344 incidents in 2017 to 323,972 in 2021. 

The growing sophistication of phishing

Early email phishing attacks usually involved a poorly worded scam message meant to trick users into sending money to fraudulent bank accounts; they have since evolved into sophisticated, well-crafted social engineering attacks. In today’s digital world, everyone knows that phishing is bad, but trust is still a primary vector for these attacks. Threat actors research their targets; they look into public employee profiles and postings, vendor relationships, and whether an organization’s HR department uses a specific type of portal to convey information. The basis for all of these potential phishes is the implicit trust the employees have in the pre-existing relationship.

The commonality of these attacks does not reduce their danger. Verizon reported that phishing was the initial attack vector for 80% of reported security incidents in 2020 and was one of the most common vectors for ransomware, a malware attack that encrypts data. Phishing was also the point of entry for 22% of data breaches in 2020.

In addition to the implicit trust of coming from a known sender, a successful phishing email prey …