My personality may make me susceptible to phishing


There’s no question that phishing can be considered the star of the cybercrime world. The term comes from “fishing”, because the point of this scam is to “fish” for internet user information. In other words, scammers try to get victims to take the “bait” and provide private data, such as banking information, passwords, personal information, etc. Once they have this data, phishers gain access to bank accounts or private information they can use to rob the owners.

There are different kinds of bait used: emails, text messages or even telephone calls. In a world that is ever more virtual and digital, it’s harder with every passing day to distinguish the real from the fake, copies from the original, news from rumors... and this is the terrain exploited by phishing.

However, this type of crime is different from other, “more technological” cybercrimes because it requires some victim collaboration.

Just as in fishing, the presence of bait alone isn’t enough; it has to be the right bait for the type of fish we are hoping to hook. In this case, the phisher has to attract his or her victim, has to use the right bait to make the victim act and fall into the trap, which in cybercrime slang is often called using social engineering.

This boils down to influence strategies that make someone act a certain way.

One of the phishing practices most used and most profitable for cybercriminals is so-called banking phishing. It works like this: the victim receives an email that seems to be from their bank.

This email generally warns the user about some problem in their bank account, indicating they have to send in certain information or click on an attached link to go to the bank’s website and update certain data.

vulnerable_phishing


When the user enters their private access information what they are really doing is providing this information to the cybercriminal, who can then go onto the bank’s real website, impersonating the customer. As happens with a fish, when the victim realizes that the “fly” they’ve bitten is hiding a hook, it’s too late.

One of the phishing practices most used and most profitable for cybercriminals is so-called banking phishing. It works like this: the victim receives an email that seems to be from their bank.

This email generally warns the user about some problem in their bank account, indicating they have to send in certain information or click on an attached link to go to the bank’s website and update certain data.

As a technique for influencing behavior, social engineering is based on a behavior prediction strategy that uses an understanding of Theories of Personality to create bait and hooks that are practical and useful. This leads us to reflect on a study topic that is of tremendous interest in the world of cybercrime: Victimology.

Specifically, the study of the personality traits that can play a role in making people victims.

Although there are a good number of studies on the personality traits linked to victimization with regard to “analogical” or traditional crime, when it comes to virtual crime there hasn’t been much investigation on how certain personalities, ways of thinking or behaving may mean that someone is more likely to become a cybercrime victim.

There are essentially two hypotheses in this area. Would you like to know them? Download the complete article.

my_personality_cover

MY PERSONALITY

MAY MAKE ME SUSCEPTIBLE TO PHISHING

Therefore, the personality seems to be clearly related to the possibility of being a victim of a cybercrime, especially the phishing that requires the response and collaboration of the victim.

 

Posted by Tim Ayling

Tim Ayling is currently the Vice-President EMEA at buguroo. With over 20 years' experience in the cybersecurity and anti-fraud industry, Ayling began his career in technical support, and moved on to System Engineering. He began his leadership career when he established Entrust Inc. in Australia in 2003 and was made Vice-President Asia Pacific in 2006. Ayling has held numerous leadership roles in large cybersecurity vendors, including serving as the Global Head of Fraud Prevention Solutions at Kaspersky Labs, as EMEA Director of Fraud & Risk Intelligence at RSA Security, as well as spending time in the cyber-security practice of KPMG.

Did you like it? Share in your social communities

 

What did you think about this topic?

Leave your comments

 

Need to reduce fraud in your online banking?

Discover our holistic vision applied to online detection

Request demo