Daily Banking News
$42.39
-0.38%
$164.24
-0.07%
$60.78
+0.07%
$32.38
+1.31%
$260.02
+0.21%
$372.02
+0.18%
$78.71
-0.06%
$103.99
-0.51%
$76.53
+1.19%
$2.81
-0.71%
$20.46
+0.34%
$72.10
+0.28%
$67.30
+0.42%

Phishing Attacks Are Targeting People’s Emotions; It’s Time to Leverage AI to


Phishing attacks have always targeted people’s emotions. COVID has drastically amplified those emotions, and hackers have not missed the opportunity. During the pandemic, thousands of attacks are taking place every day, preying on people’s fears and uncertainty regarding the virus, their jobs and their future. COVID-19-themed phishing attacks now account for 30 percent of all phishing websites. Meanwhile, scammers increasingly pose as HR employees “informing” employees that they have been laid off, and others masquerade as banks offering special deals during the economic downturn, all the while steering the user to embedded malware or links to fake websites.

Up to 95 percent of cybersecurity breaches are the result of human error, according to IBM, and in times of crisis that number could soar as stress short-circuits our common sense. Yet our main cyberdefense resources – employee training and antivirus software – aren’t sufficient. Most phishing attacks don’t involve viruses or malware at all, and today’s email gateway security can’t stop hackers’ sophisticated trickery from reaching users.

Now more than ever, cybersecurity needs to bridge the human emotion gap left by anti-virus software and human training. We are always susceptible to deception unless technology intervenes – which is why AI can be our best bet.

Emotions play huge part in phishing, especially now

Humans are primarily driven by emotions, not logic. Our decision making is a direct result of how we feel, and emotions triggered by one event can impair our ability to make sound choices in another. In COVID-19 reports of anxiety, fear, and mental health issues means people are not as emotionally equipped to recognize when they are being taken advantage of.

Phishing emails over the past few months contain words like ‘COVID’, ‘coronavirus’, ‘masks’, ‘test’, ‘quarantine,’ and ‘vaccine’ to play on people’s concerns and socially engineer their reactions. Cybercriminals have falsely alerted employees that someone in their team has tested positive for the virus and they need to read instructions to keep safe, while this is actually a malicious attachment. But people are more likely to open the document because the content is rooted in a potential reality, overriding their ability to assess the email for what it is.

Human error is increasing

Over the past two years, the number of security breaches caused by people within an organization rose 47 percent. Of those insider incidents, 62 percent were caused by negligent employees, unintentionally costing companies $4.6 million per year in damages on average.

Those figures don’t account for increases in human error as a result of the lockdown and new work conditions. Mass layoffs mean heavier workloads while remote work means more distractions at home, opening up the likelihood of teams making mistakes. Not having IT support desks within walking distance adds an extra obstacle to addressing tech concerns, so errors are left to worsen.

Education is not enough

Our go-to cybersecurity solution is investing in employee education and awareness, but at this stage, it’s not effective enough. Employees are not in the right state of mind to participate in certain training, with security firms choosing to remove COVID-19 themed phishing simulations (which represent one in three fake websites) to avoid further traumatizing teams. Instead, companies are advocating for raising awareness, not panic.

We already know that phishing training isn’t as impactful as it’s perceived to be. In one phishing training study, participants received in-depth guidance and specific examples of phishing emails to avoid, yet three months later, they showed very little improvement in their susceptibility to scams. Ironically, one cybersecurity training firm recently found itself the victim of a phishing attack against an employee, in which 28,000 records were…



Read More: Phishing Attacks Are Targeting People’s Emotions; It’s Time to Leverage AI to

Get real time updates directly on you device, subscribe now.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Get more stuff like this
in your inbox

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.