The psychology of phishing: the danger of some emails

With the advent of new technologies and, more specifically, the development of the Internet, everything around us has been adapted to this format, and criminal acts have appeared in this environment too. Cyberattacks are quite common and take multiple forms: spyware, adware, worms or Trojans. Another of the most common cyberattacks is phishing, which involves stealing information via email.

This type of attack is very dangerous because cybercriminals present themselves as individuals or companies that require some action from the user, such as opening a malicious file or filling in banking or personal data, supposedly to the benefit of the 'target'. In addition, it is a method that can infect many people very quickly: it is estimated that in 2019 there were more than nine million such attacks.

While it may seem easy to detect these scams, and in many cases it is, criminals know how to make users fall into their nets. Their methods play on people's emotions and basic psychological processes, and often succeed in keeping the strategy from being identified as fraud.

Cybercriminals design their scams based on knowledge of sociology and social psychology. Generally, all their tricks are set up to play on four emotions: greed, curiosity, sadness and fear. The combination of these emotions makes us react almost instinctively.

So, by playing on these four emotions and considering other social behaviors, phishing cybercriminals have developed several tactics to trick us into providing valuable information.

The following describes the three main behaviors that are taken into account when attacking us. Their effect, however, will depend on the personal characteristics of each individual and on the ability to recognize signals that can serve as alarms.

In general, people tend to follow, without question, the orders or instructions of someone who has some prestige or power. This cognitive bias causes them to ignore for a moment their own opinions and the possible consequences and to respond, mainly out of fear, to the orders given by this higher entity.

This figure of authority can be a boss, a large state organization or even a prestigious company, so for phishing, criminals often use accounts that look like they belong to large companies, requesting an action that may seem relevant. The recipient of the email will assume, at first glance, that what they are reading is real, which gives a sense of security.

Examples of this strategy are scams that impersonate the tax administration, asking the user to follow a link with the false promise of a tax refund, or an email from a senior company executive asking to open a folder for a new project.

This technique has been widely used in areas other than phishing, such as marketing. It basically consists of creating an emergency situation that puts the user in the position of having to act quickly; when this strategy is used, fear is usually the protagonist.

The email received alerts the person with a message of danger, for example "Do you have a virus on your computer?" or "Someone tried to access your personal account." Another variant is to create the need to be first ("Only the first 50 people who register will receive the prize"). At this point, the fear of missing the opportunity can make us buy or accept the proposal without considering other options.

That is, they provoke a fear that leads to a reckless, quick and irrational decision, ignoring aspects of the message that can be fundamental. In addition, words in red are often included to intensify this sense of danger. The problem is that even if one suspects that it is a scam, one can still fall into the trap.

There are many actions that we do automatically, without being fully aware of them, as they are usually the result of experience and repetition. We activate an autopilot and do not pay attention, for example, when pressing a big red button that says "Click here" rather than a button that goes unnoticed.

Phishing criminals take advantage of this automatism to get us into the trap. This can be done by asking us to resend an email that apparently was not sent, or by giving us a false option to stop receiving emails from a company. In reality, however, none of the available actions are real.

This type of strategy is effective and dangerous because these are seemingly innocent actions that we are used to. The criminals play on this, knowing that in the face of these kinds of tasks our attention decreases and we unconsciously select only the most striking information, ignore the details and make decisions without further analysis.

There are people who know better than others how to detect these types of fraud, but we are all potential victims. To avoid being fooled, it is therefore necessary to be aware of the possibility of danger and to read each email received more consciously. If the sender is not known, try to find out if the email account is real.

Above all, you have to try not to react too quickly and stop to think about the consequences, that is, take a moment to think about what has been received in your email and try to detect signs that may be suspicious. It is important to report this type of fraud to the authorities so that it does not harm others.
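
The three cues described above (borrowed authority, urgency and automatic clicks on routine links) can also be checked mechanically before a message reaches a reader. The following Python code is an added example, not part of the original article; the brand list, the phrase patterns and the sample message are constructed assumptions, and the result is a hint for review, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list (constructed): brand shown in a display name -> its real domain.
BRANDS = {"tax agency": "tax.example", "example bank": "bank.example"}
URGENCY = re.compile(r"virus on your computer|tried to access your|only the first \d+ people", re.I)
ROUTINE = re.compile(r"unsubscribe|click here", re.I)

class Links(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append(("".join(self._text).strip(), self._href))
            self._href = None

def under(host, domain):
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Return the cues found in one single-part message, in a fixed order."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender, body = addr.rpartition("@")[2].lower(), msg.get_payload()
    # Domain the message should come from: the claimed brand's, else the sender's own.
    expected = next((d for b, d in BRANDS.items() if b in display.lower()), sender)
    links = Links()
    links.feed(body)
    routine = any(ROUTINE.search(t) and not under((urlparse(h).hostname or "").lower(), expected)
                  for t, h in links.found)
    return [name for name, hit in (
        ("authority", not under(sender, expected)),  # brand claimed, wrong domain
        ("urgency", bool(URGENCY.search(msg.get("Subject", "") + "\n" + body))),
        ("automatism", routine),  # routine-looking link leaving the expected domain
    ) if hit]

# Constructed sample message (not a real email).
SAMPLE = ('From: "Tax Agency Refunds" <refunds@tax-agency-refund.example>\n'
          'Subject: Someone tried to access your personal account\n\n'
          '<a href="http://login.tax-agency-refund.example/u">Unsubscribe</a>\n')
```

Calling `triage(SAMPLE)` reports all three cues; a message whose sender and links stay under the brand's own domain and whose wording is neutral reports none.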
