Many people will be familiar with renowned psychologist Robert Cialdini’s “Six Principles of Influence”. In its most basic form Cialdini offers a step-by-step psychological guide to getting people to say yes.
Very effective in the workplace or that crucial sales meeting, but these principles aren’t necessarily confined to the noble quest of ‘better business.” In fact, cybercriminals are now swotting up on the latest social psychology tactics in order to get their hands on your data. And this battle is growing: according to McAfee Labs, two-thirds of the world’s email is now spam trying to extort information and money.
So what can we do to sniff out a cybercriminal? At Intel Security we have been analysing the most common psychological levers being used by these hackers and phishers and have updated Cialdini principles to reveal how they apply in the digital world and what you need to do to stay safe.
Persuasion Techniques in the Digital World:
Scarcity: An offer to good to be true? It probably is. An email from your bank asking you to do something within 24 hours? Seems too scary to be legitimate? You’re probably right. Cybercriminals use scarcity and urgency to dupe people into clicking on something malicious without taking the time to think.
Authority: Criminals don’t have to dress up in dodgy outfits to mimic a public official or a trusted source anymore. But they still use authority to get their hands on your data. Ask yourself, why has that delivery company sent me that email when I haven’t ordered something?
Social Validation: People tend to comply when others are doing the same thing. A dodgy looking social media message might trick you into clicking a link simply because it has a group of your friends on it. If it seems odd, it’s probably not real!
Liking: People are more likely to comply when the social engineer is someone they like. Be on guard for a hacker that might use charm via the phone or online to ‘win over’ an unsuspecting victim
Reciprocation: A seemingly helpful call from your mobile service provider offering to help you out by talking you through a virus scan? Be aware of these ‘helpful’ people who might trick you into returning the favour and providing details you wouldn’t normally
Consistency: Have you just promised a caller from your bank to adhere to security procedures? And now they’re asking for personal information as part of these procedures? We all try and stick to our promises, but this can get us in trouble if we’re not careful
You can also watch our latest video to learn more about these persuasion techniques: ‘Hacking the Human OS’
Top tips to stay safe online:
- Think before you click – use your best judgment when responding to an email. Are you expecting a parcel delivery? Or why would your bank send you an urgent notification asking you to update your account? Consider what you’re being asked to do before rushing to do something you could regret later
- Check and verify – received a text message, email or message on social media from a friend that just doesn’t sound right? Call them, ask them if it was them. Same goes for the bank notification – find the legitimate phone number and ring and speak to customer service to check and verify everything is above board
- Security software: Make sure you have some form of security software, such as McAfee Live Safe, which you can use across all your devices to help scan and monitor for suspicious links and malicious files
The post Sniffing out a cybercriminal: be on guard for online persuasion tactics appeared first on McAfee Blogs.