How Cyber Criminals/Hackers Exploit Trust

"People make mistakes" is a common and relatable phrase, but it's also a malicious one in the hands of cyber criminals, more of whom are exploiting simple human errors to launch successful attacks.

While many criminals are fairly unsophisticated or downright stupid, advanced threats, including nation-state actors, evolve their attacks over time to exploit our weaknesses. For the most part, humans want to believe and trust what they read, see and hear, and many (without security awareness training) just don’t believe everyone is out to get them. In 2024 it’s better to “Trust No One and Verify Everything” than to blindly trust everything.

Phishing Emails

  • Phishing/spam emails have evolved from gibberish content hawking bogus products and pleas for help from Nigerian princes to personalized emails crafted to look like they came from someone you know or a company you do business with. With business spam, attackers try to mimic every detail they can, including proper corporate logos, fonts and tone of messaging, and even try to get the sender links and contact info as close to the real thing as they can.
  • You’re more likely to trust a message if it is from your bank, retailer, or university than some random business you have never heard of.

Social Engineering

  • Criminals have wised up and are doing their research, particularly when targeting corporate users for social engineering attacks.
  • They do reconnaissance on social media sites like LinkedIn, corporate newsletters and press releases to learn about people in the organization and about you. They will use these details to craft the proper line of questioning so that they can gain your trust and keep you on the phone with them, giving you more chances to slip up and give them the information they need.

Text Messages

  • Texts have evolved from mystery links to detailed messages. Just like with email messages, malicious actors have signed up for legitimate text messaging from banks and retailers so they can copy their content and then spread malware from their own links.

Software Updates

  • This is an evolving threat. Actors are trying to work their way into the software update process by sending you a targeted email saying you need to update application X. The link takes you to a website that looks like the company’s application page, and if you click on the download, your system is infected with malware.
  • The lesson here is to set automatic updates on your machine or set a schedule to go directly to the application vendor's website to look for official releases and security patches.
  • Do not click on links in email and text messages about updates.
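
The close-but-not-quite sender addresses and links described under Phishing Emails and Software Updates can be checked mechanically before anyone decides to trust them. The following Python is an added example, not part of the original article; the trusted domains, function names and sample inputs are constructed assumptions, and it treats the last two labels of a host as its registrable domain instead of consulting the public suffix list.

```python
from urllib.parse import urlsplit

# Assumption: constructed examples of domains the reader really deals with.
TRUSTED = {"examplebank.com", "examplevendor.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    """Extract the host from a URL or from an e-mail address."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip("<> ").lower().rstrip(".")

def classify(value, trusted=TRUSTED):
    """Return 'trusted', 'suspicious' or 'unknown' for a link or sender."""
    host = host_of(value)
    # Only an exact match or a true subdomain of a trusted domain is trusted.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    labels = host.split(".")
    # Non-ASCII or punycode labels can hide look-alike characters; flag for review.
    if any(not l.isascii() or l.startswith("xn--") for l in labels):
        return "suspicious"
    registrable = ".".join(labels[-2:])  # simplification: no public suffix list
    for d in trusted:
        brand = d.split(".")[0]
        # Brand name reused inside another domain, or a near-miss spelling.
        if brand in host or 0 < edit_distance(registrable, d) <= 2:
            return "suspicious"
    return "unknown"
```

A result of "unknown" only means the host does not resemble a trusted domain; it is not a statement that the link is safe.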
