Why do we fall for Phishing?
Victims often fall for social engineering because attackers keep changing their techniques and scenarios, all of which prey on basic human reactions.
When exploiting human behaviour, hackers tap into the six levers of social influence, which trigger victims to feel curious and act accordingly due to:
Reciprocation
- After being offered something, you feel compelled to return the favour.
- Exploitable Scenario: Enticed to receive a $50 voucher upon clicking a link to fill in a survey.
Scarcity
- A time limit is presented, so you feel the need to reply or comply.
- Exploitable Scenario: Your Windows account may be locked out as your password is expiring.
Consistency
- An offer or request is made by someone or something trustworthy.
- Exploitable Scenario: Your bank informs you of a transaction activity that you can verify using a link provided.
Liking
- Complying with someone familiar, whom you may know or like.
- Exploitable Scenario: IT Care requests you update your directory information through a link.
Authority
- Complying with someone who is a figure of authority.
- Exploitable Scenario: Ministry of Health conducting contact tracing status.
Social Validation
- Being easily convinced to act because others are doing the same.
- Exploitable Scenario: Signing up from an SMS link forwarded by a colleague for special flight discounts.