
October 2022 / 5 Min Read

Cyber Crime is Still Focused on The Art of Hacking Humans

 

We all strive for happiness, and when angry or scared, we are inclined to fend off danger and protect ourselves.1

Cyber criminals leverage these universal truths. Well studied in emotion, hackers exploit human feelings to circumvent traditional security measures. The artful skill of social engineering is pervasive. Cyber professionals estimated that social engineering attacks increased by 270% in 2021, partially caused by the rise in cloud-based computing.2

We all have to be on, 100% of the time.

The five universal emotions most preyed upon by attackers are helpfulness, fear, curiosity, greed and urgency. Think about the feeling invoked by a phone call stating your tax return is under investigation for fraud, or that a loved one has been kidnapped and violence is imminent unless a wire transfer ransom is paid. These scams prey upon fear and urgency. Or, you receive an email regarding a high-value order that just shipped. Curiosity leads some to click the embedded link. A general principle is that one-third will open the link, one-third will click the link, and one-third will enter credentials. These are quite good odds for the attacker.

Social engineering campaigns are sophisticated and come by many names. For example, one of the most attractive targets today is the call center, in particular one that can distribute funds. Agents are under pressure to obtain positive customer ratings, and we see security compromised in exchange for those high ratings. An agent might be terminated for poor ratings, but enabling fraud might not come with consequences. As hard-working criminals, these attackers are avid researchers and well studied in federal statutes governing wire-transfer thresholds, among others. Via repeated calls, cyber criminals can extract enough data to enable the perfect heist – for example, a $2 million wire transfer out of the country or funneled into crypto or gift cards.

Another technique that warrants closer attention is tailgating or piggybacking. This is a physical security breach in which an unauthorized person follows an individual into a secure area. It plays on the emotion of helpfulness. As humans, we are often inclined to assist those in need, such as a person carrying a stack of files. Swiping your card, or holding the door, comes naturally.

To #BeCyberSmart:

Trust but verify.

If something seems off, it probably is. There is nothing wrong with taking a pause to say, “Thank you for your call. May I have your name and number? I’m going to verify some things.” If true and genuine, the caller will take no issue. Similarly, if you receive a website link – do not click. Go to the website on your own. Hackers build elaborate fake websites in the spirit of manipulation.

Validate search results.

Hackers don’t always call you – sometimes you call them. Hackers use targeted ads to achieve trust via the #1 search position, thereby directing you to a fraudulent website. When your vehicle registration fee is due in eight hours and you search for the payment platform, authenticate before sharing information.

Listen for warning signs.

A poor telephone connection or background noise is a red flag. In conversation, be wary of an individual who asks too many questions or, conversely, seems to know too much about you. Developing a connection is a prime way to access intellectual property.

Make smarter decisions to help keep our interconnected world more secure.

1 “The 6 Types of Basic Emotions and Their Effect on Human Behavior.” Kendra Cherry. 05 April 2021. Very Well Mind.

2 “The rise and rise of social engineering.” 26 May 2022. Brit Insurance.


Disclaimer
The information contained herein and the statements expressed are of a general nature, not intended to address the circumstances of any particular individual or entity and provided for informational purposes only. The information does not replace the advice of legal counsel or a cyber insurance professional and should not be relied upon for any such purpose. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.


Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.