Why we fall for phishing

When cyber criminals are trying to make off with our login details, they make an effort to exploit the way that our brains work.

For instance, when we are feeling happy and unstressed, the hormones serotonin and dopamine make us less likely to recognize fraud. Phishing e-mails are often deliberately worded to take advantage of this fact – as researchers at Google and the University of Florida recently explained at the Black Hat security conference in Las Vegas, according to the German online edition of “Technology Review”.

Other buttons that phishers like to push, the article goes on to say, are our reactions to authority – think CEO fraud – or the triggering of emotions such as empathy, for instance in connection with catastrophes or by promising to gather donations for the homeless. These kinds of emotional references impair the recipient’s ability to concentrate on clues that the email may actually be a scam. Raising the prospect of financial gain, for instance through a purported opportunity to get a refund from Amazon, also has the power to cloud our judgment.

By the way, an astounding 45 percent of internet users don’t even know what phishing is, according to the Black Hat presentation. To protect users from phishing attacks, the experts recommended activating two-factor authentication (2FA) wherever possible. In addition to the password, this procedure asks users for a one-time code, which is sent to the user via SMS or generated by an authentication app. However, the recommendation to use a physical security key on a USB medium as the most secure method leaves a rather bitter taste in the mouth, as Google – of all companies – is actually selling exactly these kinds of security keys.

Our recommendation for safeguarding your company inboxes is our Retarus Email Security service with its enhanced phishing filter and dedicated CxO fraud protection. In this way, you can ensure that the vast majority of phishing attempts don’t even make it into your employees’ inboxes. And should one find its way through, our Patient Zero Detection service, which is patented across Europe, is also able to find it afterwards and render it harmless (detect and react). You can find out more details on our website or directly from your local Retarus representative.
