IT Security Guru

The Invisible Risk

How Cybercriminals Get Away with Phishing

by Javvad Malik
September 23, 2020
in Insight, Malware, Phishing and Ransomware

If you haven’t seen this video on attention, please do so; it’s just over a minute long.

The video is by Christopher Chabris and Daniel Simons, both authors of the book “The Invisible Gorilla,” in which they reveal the numerous ways our intuitions can deceive us.

In essence, much like we react to the video above, we realise that our minds don’t work the way we think they do. We think we see ourselves and the world as they really are, but we’re actually missing a whole lot. 

For the most part, our brains don’t process chaos very well. So, our brains try to take any given information and turn it into something we’re comfortable and familiar with. 

You may have seen sentences like this on the internet:

Y0UR M1ND 15 R34D1NG 7H15 4U70M471C4LLY W17H0U7 3V3N 7H1NK1NG 4B0U7 17.

That’s your brain adding order and familiarity to an otherwise random string of letters and numbers. 

During brain scans, researchers have found that if we hear a sound that leads us to strongly suspect another sound is on the way, the brain acts as if we’re already hearing the second sound. 

In psychology, the Law of Closure explains our tendency to form imagined connections between things that are otherwise separate. 

 

 

For example, in the above image, there are alternating photos of my colleague, Erich, and me. It is likely that you’ll see alternating columns of Erich and me more easily than rows of single, alternating photos.

The stronger the connections we can make between items (like between similar or even identical photos), the less chaotic they seem as a whole.

Criminals also know this, and understand the power of being able to scam or defraud people simply by creating an environment of familiarity. 

For example, in business email compromise (BEC) or CEO fraud, a criminal posing as the CEO or other senior executive will ask the finance department to make a payment to a new third party. This attack has a greater likelihood of being successful if the email mimics the genuine CEO’s style or tone. In doing so, attackers can often blind the recipient to warning signs that may be as blatant as the gorilla in the video. 

Recently, the BBC reported that two Nigerian men were arrested over a German PPE scam. The criminals cloned the website of a Dutch company to obtain an order from a German state to the tune of $2.3 million. When the PPE didn’t show up, a German government representative visited the company’s offices in the Netherlands, only to be told that they had never conducted any business with them.

 Much like the invisible gorilla, once you know to look for it, it is easy to see telltale warning signs. Maybe the website had spelling errors, maybe the URL was different, or maybe the bank account details seemed suspicious. 

The point is that unless people are made aware of the potential threats and the techniques that scammers and criminals use, there is little chance they will pick up on the threats that present themselves in plain sight. 

 In March of 2020, Oklahoma City Police Department shared CCTV footage of a criminal who walked into a convenience store wearing a shirt with the store’s logo on it and convinced the store clerk he was there to take over her shift.  

Once behind the register, he continued checking out customers for several minutes before locking the door and stealing all the money, cigars and lottery tickets. 

It’s the physical manifestation of a phishing attack in which the threat was invisible. Store clerks are usually vigilant against people who may be shoplifting or brandishing a weapon. They are even used to checking for fake currency, but few have ever suspected that a criminal would brazenly walk in claiming to be an employee.

If you don’t know what you’re looking for, you’re not going to spot it. However, simply telling people about threats often isn’t enough either. You have to reinforce the awareness with actual training that puts people in uncomfortable situations to condition them to react in a positive way.

To illustrate the point, let’s close by having another look at a variation of the invisible gorilla test, and see if you complete the exercise differently, or whether your brain normalises the scene.

 

 

This is why continuous security awareness training is important and needs to be delivered in a way that captures the recipient’s attention without their brain normalising the message to the point where the gorilla, or in our case, the threat, becomes invisible.
