IT Security Guru

The Invisible Risk

How Cybercriminals Get Away with Phishing

by Javvad Malik
September 23, 2020
in Insight, Malware, Phishing and Ransomware

If you haven’t seen this video on attention, please do so; it’s just over a minute long.

The video is by Christopher Chabris and Daniel Simons, both authors of the book “The Invisible Gorilla,” in which they reveal the numerous ways our intuitions can deceive us.

In essence, much like we react to the video above, we realise that our minds don’t work the way we think they do. We think we see ourselves and the world as they really are, but we’re actually missing a whole lot. 

For the most part, our brains don’t process chaos very well. So, our brains try to take any given information and turn it into something we’re comfortable and familiar with. 

You may have seen sentences like this on the internet:

Y0UR M1ND 15 R34D1NG 7H15 4U70M471C4LLY W17H0U7 3V3N 7H1NK1NG 4B0U7 17.

That’s your brain adding order and familiarity to an otherwise random string of letters and numbers. 

During brain scans, researchers have found that if we hear a sound that leads us to strongly suspect another sound is on the way, the brain acts as if we’re already hearing the second sound. 

In psychology, the Law of Closure explains our tendency to form imagined connections between things that are otherwise separate.

For example, in the above image, there are alternating photos of my colleague, Erich, and me. It is likely that you’ll see alternating columns of Erich and me more easily than rows of single, alternating photos.

The stronger the connections we can make between items (like between similar or even identical photos), the less chaotic they seem as a whole.

Criminals also know this, and understand the power of being able to scam or defraud people simply by creating an environment of familiarity. 

For example, in business email compromise (BEC) or CEO fraud, a criminal posing as the CEO or other senior executive will ask the finance department to make a payment to a new third party. This attack has a greater likelihood of being successful if the email mimics the genuine CEO’s style or tone. In doing so, attackers can often blind the recipient to warning signs that may be as blatant as the gorilla in the video. 

Recently, the BBC reported that two Nigerian men were arrested over a German PPE scam. The criminals cloned the website of a Dutch company to obtain an order from a German state to the tune of $2.3 million. When the PPE didn’t show up, a German government representative visited the company’s offices in the Netherlands, only to be told that the company had never conducted any business with the state.

Much like the invisible gorilla, once you know to look for it, it is easy to see telltale warning signs. Maybe the website had spelling errors, maybe the URL was different, or maybe the bank account details seemed suspicious.

The point is that unless people are made aware of the potential threats and the techniques that scammers and criminals use, there is little chance they will pick up on the threats that present themselves in plain sight. 

In March of 2020, the Oklahoma City Police Department shared CCTV footage of a criminal who walked into a convenience store wearing a shirt with the store’s logo on it and convinced the store clerk he was there to take over her shift.

Once behind the register, he continued checking out customers for several minutes before locking the door and stealing all the money, cigars and lottery tickets.

It’s the physical manifestation of a phishing attack in which the threat was invisible. Store clerks are usually vigilant against people who may be shoplifting or brandishing a weapon. They are even used to checking for fake currency, but few have ever suspected that a criminal would brazenly walk in claiming to be an employee.

If you don’t know what you’re looking for, you’re not going to spot it. However, simply telling people about threats often isn’t enough either. You have to reinforce the awareness with actual training that puts people in uncomfortable situations to condition them to react in a positive way.

To illustrate the point, let’s close by having another look at a variation of the invisible gorilla test, and see if you complete the exercise differently, or whether your brain normalises the scene.
This is why continuous security awareness training is important and needs to be delivered in a way that captures the recipient’s attention without their brain normalising the message to the point where the gorilla, or in our case, the threat, becomes invisible.
