Australian Govlink Issue 2 2017 | Page 46

IT
Exploitation of natural human behaviours
Often referred to as social engineering, this vector relies on human behaviour to allow a bad character to gain access to your digital assets. This can range from cold calling your reception to frequenting social locations and befriending employees to learn about your organisation. The main traits that a successful social engineer relies upon are the human propensity to help others, emotional attachment, conflict avoidance, fear and greed.
Social engineering is not a new phenomenon. Confidence tricksters practised it in the seventies and eighties to elicit loans: an accomplice would ring the finance company while the trickster was applying for a loan, so they could discuss large transfers of funds within earshot of the interviewer to lend credibility to their status.
Common forms of social engineering in 2017 include sending or faxing an invoice for work completed when no work has taken place, in the hope that it will slide under the organisation's radar and be paid. Further demands, such as threats of legal action, may follow, and our desire to avoid conflict rationalises paying the invoice as the easier option.
The advent of social media now allows bad characters to identify key personnel in your organisation (think LinkedIn), then find those individuals on Facebook and monitor what is transpiring in their private lives. In effect, the bad character may locate your financial controller online, regularly view their Facebook profile and wait until they see a post suggesting that the controller is on leave, and then contact your organisation. The bad character advises your business that your controller (whom they refer to by name) told them they were going on leave and would send payment or corporate information before doing so, but must have forgotten, as it was not received. Our instinct to trust and help means that the payment or information is released. If there is pushback, the social engineer will often become aggressive and threaten legal action, media exposure, demotion or sacking; once again our human traits kick in, and we try to avoid conflict and comply.
Greed is at the heart of most of the Nigerian 419 scams (Section 419 being the section of the Nigerian penal code responsible for cybercrimes). These are the scams where, to inherit or be part of a financial windfall, the target needs to send an "Advance Fee" for the release of the funds supposedly coming your way. Believe it or not, Nigeria has the largest representation when it comes to being victims of Nigerian 419 scammers!