Why are phishing attacks successful?


CybSafe

We are CybSafe. We’re a British cyber security and data analytics company.

December 5, 2018

Phishing attacks often seem rudimentary. With their spelling and grammar errors, blurry replicas of company logos and conspicuous twists on sender names, they should be easy to spot, shouldn’t they?

So why is it that, instead of dying down, phishing attacks are on the rise?

Why is it that phishing emails are more likely to cause a breach than any other form of cyber attack?

Why are phishing attacks successful?

 

Phishing emails rely on psychology

Dig beneath the skin of a typical phishing email and you’ll soon see it isn’t as “rudimentary” as it might first appear.

Phishing emails – even the most haphazard – invariably aim to manipulate recipients psychologically. Criminals are fully aware of the power of psychology, and know that if their emails tick certain boxes there’s a chance they’ll lure victims in… no matter how poor their speelling and grammer.

Phishing emails might play on the human desire to help those in need, for example, which you can see in emails purporting to be from a distressed friend in need of help.

Or phishing emails might take advantage of the human tendency to obey authority – which explains the crime known as CEO fraud. CEO fraud is disturbingly simple: criminals purport to be a figure of authority, such as a CEO, and do little more than demand accounts departments transfer large sums of cash. Occasionally, thanks to their desire to obey, accounts departments comply.

Elsewhere, around sales such as Black Friday, criminals build scarcity into their phishing emails. Commitment, consistency, social proof, rapport; criminals routinely use known weapons of influence in their phishing emails to encourage recipients to take some extraordinary actions.

So phishing emails might be filled with spelling errors, typos and inconsistencies… but they can (and do) still influence people’s behaviour. Because, more often than not, it’s psychology that explains why phishing attacks are successful.

Empowering people to defend against phishing

Fortunately, when you know why phishing attacks are successful, you can begin to reverse the trend – and even use psychology to counter threats such as phishing.

CybSafe, for example, is developed in collaboration with psychologists and behavioural scientists. It uses pioneering research from leading academics to ensure people take a genuine interest in cyber security and respond to attacks in the appropriate manner. In doing so, the platform empowers people to spot and shut down phishing attacks at source, ensuring the attacks can do no damage.

In some security circles, people are routinely seen as a cyber weakness. At CybSafe, we actually think the opposite is true.

Clearly, engaged people who actively prevent cyber attacks are far from a weakness.

When properly empowered, people are our ultimate cyber defence.

 

 
