Phishy Psychology Used in Hacker’s Email

Email in Inbox:

Oh My Goodness… Did you know that this picture of you is up online?!

Ah, got you!

And I’m sure many of you have received something similar to this once or twice in your inbox. Phishing is a technique used by hackers trying to obtain personal information in order to gain access to accounts.

These tricky emails use basic human psychology to get you to act!  Hackers will use a sense of urgency in their emails, trying to get their victim to open a link, download an attachment, or disclose personal information.

These cybercriminals might add distinctive information about their victim, a technique called Spear Phishing, to better convince their target. Spear phishing emails are crafted with a specific victim in mind, whether it is an individual or an organization. These emails look legitimate, as the attacker puts time and effort into creating them.

Marika Samarati, the writer of The Psychology Behind Phishing Attacks, provides this insight on the matter:

  • They send it when people are more vulnerable and stressed – late in the afternoon, on Fridays or at the end of the month, for instance.
  • They spoof C-suite managers’ email addresses to make sure low-level staff do as requested without arousing suspicion.
  • They take advantage of real-life events, like tax return deadlines, etc.
  • They use fear tactics and urge the recipient to act promptly.

Keeping these few points in mind can help you avoid a phishing email. But the best way to avoid these emails is through education, for both you and your employees!

Educating people about phishing is crucial in protecting information. People should know what to look out for to spot a phishing email and how to avoid falling victim to one. In addition to training, running a simulated phishing attack to test your employees’ knowledge on how to spot a phishing email will help keep them on their toes and show you which employees need additional training.

Prilock offers training for individuals as well as businesses (small and large). Part of Prilock’s Security Awareness Training is Phish Test Emails, which show whether people are retaining information from the videos and applying it in real-life situations.

With our training, learning is made fun when discussing serious cybersecurity matters—without the tech talk!