Imagine a thief breaking into a jewelry store. He could spend years learning how to pick a lock or smash a safe—but he could also simply wait for the jewelry clerk to leave the front door wide open for him.
That, in a nutshell, is the world of computer hacking. While the movies show us hackers in hoodies furiously typing complex code, the most dangerous threats today actually target you, the person at the keyboard.
In the world of cybersecurity, this specific type of attack is called Social Engineering—or in simple terms: Psychological & Human Interest attacks.
1. What is Psychological & Human Interest in Cybersecurity?
Psychological attacks are like a seduction, but for your data. Instead of trying to hack the code (the computer), the hacker is trying to hack the mind (the human).
It works on our natural instincts: our greed, our fear, our curiosity, and our desire to be helpful. The computer or app is just a tool the attacker uses to reach your brain. These attacks don’t rely on software flaws; they rely on human flaws.
The Lightbulb Metaphor
Think of your computer like a bright, high-tech lamp. It does exactly what you tell it to do.
- Hacking the Code: A thief comes in, shatters the glass of the lamp, and steals the bulb.
- Hacking the Mind: A thief sends you a message that convinces you the lamp is dangerous. You go over and smash the lamp yourself to “protect” yourself.
2. How the Attack Works
An attacker’s goal is to get you to perform an action that benefits them. Usually, they want you to click a link, open an email attachment, or enter a password.
Here is the general sequence of events:
- The Targeting (The Setup): The attacker studies you. They might find your name on LinkedIn, see you work for a specific company, or know which brands you trust.
- The Bait (The Trigger): The attacker sends you a message. Depending on your psychology, they use a specific lure:
- Urgency/Scarcity: “Your invoice is overdue! Pay $500 immediately or your service will be cut off!” (Triggering Fear/Business pressure).
- Curiosity/Excitement: “You’ve been selected for a $1,000 Walmart gift card! Click here to claim it.” (Triggering Greed).
- Trust/Authority: “Boss approved? Forward me your tax forms, ASAP.” (Triggering Obedience/Allegiance).
- The Hook (The Action): You, wanting to help a boss or solve a problem, click the link. The attacker captures your information or installs malware.
- The Escape (The Capstone): Once they have what they wanted, they disappear—or sometimes stick around to ask for a few more details, a minor password change, or a financial transfer.
Note: The “link” looks real. It might look like your bank’s website URL, but if you look closely, a ‘1’ may have been swapped in for an ‘l’ (a subtle trick). The message seems to come from a co-worker, but it might be sent from a generic address at a public mail service (like support@gmail.com instead of support@yourcompany.com).
3. Real-World Examples
To beat them, you have to learn how to spot them.
- The “Urgent Invoice” Scam (Business Email Compromise):
- The Situation: A company’s chief financial officer receives an email from the “CEO” that says, “I’ve just had a verbal approval to wire $10,000 to supplier X for the project due this afternoon. Can you process this ASAP?”
- The Human Weakness: The CFO trusts the CEO and doesn’t want to look slow. They process the wire, thinking they saved the day.
- The Result: The company lost $10,000. The real CEO never sent that request.
- The “Worker from Home” Hack:
- The Situation: A marketing manager receives a message: “We have a client on the line, but our phones are down. Please forward this confidential document so I can send it to their attorney right now.”
- The Human Weakness: The urge to be helpful and the fear of being unprofessional.
- The Result: The manager forwards a list of real client names and contact info. The attacker didn’t hack the database; they just asked the manager to open it up.
4. Why We Are Vulnerable
Why is it so easy for hackers to trick us?
- We Trust: We are social creatures. If someone signs it “John Smith,” our brain assumes it is John Smith.
- We are Busy: Most people check emails while walking to lunch, drinking coffee, or watching TV. Their brain registers the email as “Important Business” without actually reading the details.
- Firewalls Can’t Protect Lamps: Technology stops bad things coming in over the wire. It cannot stop bad things coming in through a message on your screen if you choose to let them in.
5. Practical, Lawful Defenses: How to Stay Safe
You cannot armor your brain, but you can put guardrails around your computer. Here is what you can do:
A. The Pause and Look Approach (Phishing Recognition)
When you see a message that makes you anxious or excited, do not react immediately. The GREY method works best:
- Go away from the screen (get a coffee).
- Return.
- Examine the sender’s email address.
- Yell (mentally) “Why?”
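The “Examine the sender’s email address” step, written out as a small check. This is an added example, not code from the original post: it flags the public-mail-service and look-alike-character cases from the note in section 2, and counts the pressure phrases used by the lures there. The trusted-domain list, the free-mail list and the lure words are constructed for illustration.

```python
import re

# Constructed for illustration; a real deployment would use the organisation's own domains.
TRUSTED_DOMAINS = {"yourcompany.com", "yourbank.com"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
# Pressure phrases taken from the lure messages described in section 2.
LURE_WORDS = ("immediately", "asap", "overdue", "cut off", "selected", "gift card", "claim", "approved")


def skeleton(domain: str) -> str:
    """Collapse characters that look alike on screen ('1' vs 'l', '0' vs 'o', 'rn' vs 'm')
    so that a look-alike domain compares equal to the domain it imitates."""
    s = domain.lower().replace("rn", "m").replace("vv", "w")
    return s.translate(str.maketrans("10|5", "lols"))


def check_sender(address: str) -> str:
    """Classify the domain part of a sender address.
    Returns: trusted, freemail, lookalike-of:<domain>, wraps:<domain>, unknown or malformed."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", address.strip())
    if not m:
        return "malformed"
    domain = m.group(1).lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if domain in FREEMAIL_DOMAINS:
        return "freemail"  # a "co-worker" writing from a public mail service: the note's red flag
    for trusted in TRUSTED_DOMAINS:
        if domain.endswith("." + trusted):
            return "trusted"  # genuine subdomain, e.g. mail.yourcompany.com
        if skeleton(domain) == skeleton(trusted):
            return f"lookalike-of:{trusted}"  # e.g. yourc0mpany.com
        if trusted in domain:
            return f"wraps:{trusted}"  # e.g. yourbank.com.login-check.net: real name, wrong domain
    return "unknown"


def lure_score(text: str) -> int:
    """Count how many pressure phrases from section 2 appear in the message body."""
    t = text.lower()
    return sum(t.count(w) for w in LURE_WORDS)


def triage(address: str, body: str) -> str:
    """Combine both checks into a pause-and-look verdict: ok, caution or stop."""
    verdict = check_sender(address)
    score = lure_score(body)
    if verdict != "trusted" and score >= 1:
        return "stop"
    if verdict != "trusted" or score >= 2:
        return "caution"
    return "ok"
```

A “stop” verdict means the message fails both checks at once: an address you do not recognise and wording that pushes you to hurry.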
B. Don’t Click Links
If a bank says your account is frozen, close the email entirely. Open your banking app separately and log in there. If there is a real problem, it will show up in the app; a fake link cannot follow you there.
C. Two-Factor Authentication (2FA)
This is the single best defense. Even if a hacker gets your password, they still cannot get in without the second factor.
- How it works: When you log in, the password is only the first step. Next, you have to type in the code sent to your phone, or confirm the login with a security key. A stolen password on its own becomes useless.
D. Strong Passwords & Managers
Stop using “Password123!” or your pet’s name.
- Use a Password Manager. These are apps that store all your complex passwords and unlock them with one master password. It keeps track of what you used where so you don’t have to remember them.
E. Software Updates
When your phone or computer buzzes to say “update required,” click “Install.” Updates aren’t just adding new features; they are often patching security holes that attackers rely on. If you don’t patch a hole, an attacker can still use it.
F. Backups
Have your data backed up (on an external hard drive, or a cloud service, that isn’t connected to your computer when not in use). If ransomware encrypts your computer because you clicked the wrong link, you can wipe the computer and restore your backup.
G. Secure Your Wi-Fi
If you work from home, treat your home Wi-Fi like a bank vault. Change the default password on your router, hide your network name (SSID), and make sure the network is encrypted (use WPA2 or WPA3).
When to Seek Help
If you receive a request that seems odd—a wire transfer from your boss to an unknown vendor, or an email from “Nigerian royalty” (yes, these still happen)—stop. Call the person or company to verify, using a phone number you already know rather than one given in the message. Trust your gut, and if you aren’t sure, ask IT or a tech-savvy friend.