McAfee: How cybercrooks get under your skin

McAfee: How cybercrooks get under your skin

Summary: Forensic psychologist and the security vendor have analysed the techniques employed to make users click on malicious links

SHARE:
TOPICS: Security
0

Security firm McAfee has said that cybercriminals are using increasingly sophisticated social-engineering techniques, and that IT managers need to make users aware of the psychological tricks that make the techniques work.

The vendor worked with University of Leicester forensic psychologist Professor Clive Hollin to analyse why users fall for online scams.

According to Hollin, the first part of the process is persuading the user that an email comes from a respectable source. People tend to respond to authority — for example, a lawyer — but will also respond to endorsements from trusted sources, as well as familiarity and banter.

Once trust has been gained, fraudsters attempt to get users to click on a link which takes them to malicious websites by either threatening an unwanted event, such as legal action, or by offering a reward, such as a commodity for a bargain price, said Hollin.

Users who fall for scams are not necessarily technophobes or the innocent, said the psychologist. Risk-takers might be fooled by the prospect of high gain, while the tech-savvy might be vulnerable due to over-confidence.

Sentry Posts Blog

Sentry Posts Blog

Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

Read more

"Given the right conditions in terms of the persuasiveness of the communication and the critical combination of situational and personal factors, most people may be vulnerable to misleading information. This point is true both for experienced and inexperienced computer users; while naivety may be a partial explanation, even sophisticated users can be deceived and become suggestible to misleading messages," said Hollin.

McAfee's Sal Viveros said IT managers should let end users know the kind of social-engineering tactics that cybercrooks use. "Enforcing policy and education helps to minimise threats," he said.

While the psychological tricks used by cyberfraudsters may play on human nature, Viveros said that the techniques being used are increasingly sophisticated.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion