McAfee: How cybercrooks get under your skin

Summary:Forensic psychologist and the security vendor have analysed the techniques employed to make users click on malicious links

Security firm McAfee has said that cybercriminals are using increasingly sophisticated social-engineering techniques, and that IT managers need to make users aware of the psychological tricks that make the techniques work.

The vendor worked with University of Leicester forensic psychologist Professor Clive Hollin to analyse why users fall for online scams.

According to Hollin, the first part of the process is persuading the user that an email comes from a respectable source. People tend to respond to authority — for example, a lawyer — but will also respond to endorsements from trusted sources, as well as familiarity and banter.

Once trust has been gained, fraudsters attempt to get users to click on a link which takes them to malicious websites by either threatening an unwanted event, such as legal action, or by offering a reward, such as a commodity for a bargain price, said Hollin.

Users who fall for scams are not necessarily technophobes or the innocent, said the psychologist. Risk-takers might be fooled by the prospect of high gain, while the tech-savvy might be vulnerable due to over-confidence.

"Given the right conditions in terms of the persuasiveness of the communication and the critical combination of situational and personal factors, most people may be vulnerable to misleading information. This point is true both for experienced and inexperienced computer users; while naivety may be a partial explanation, even sophisticated users can be deceived and become suggestible to misleading messages," said Hollin.

McAfee's Sal Viveros said IT managers should let end users know the kind of social-engineering tactics that cybercrooks use. "Enforcing policy and education helps to minimise threats," he said.

While the psychological tricks used by cyberfraudsters may play on human nature, Viveros said that the techniques being used are increasingly sophisticated.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.