The Psychology of Phishing

An anonymous reader writes Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals understand that we are a generation of clickers and they use this to their advantage. They will take the time to create sophisticated phishing emails because they understand that today users can tell-apart spam annoyances from useful email, however they still find it difficult identifying phishing emails, particularly when they are tailored to suit each recipient individually. Fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link. To put that into context a legitimate marketing department at a FTSE 100 company typically expects less than a 2% click rate on their advertising campaigns. So, how are the cybercriminals out-marketing the marketing experts?

well

[Osgeld]

The criminals offer people stuff they want, marketing offers people shit they don't want. Seems simple enough

Not everyone is train-able

[Taco+Cowboy]

How are spammers successful so often? Simple, companies don't train people

As one who has thousands of people working in companies that I either own, co-own, or have invested in, I can tell you that not everyone is trainable

Not that people are stupid - no, as far as I am concern, almost all who are working in the companies I mentioned above are above average in intelligence - but the one thing that is needed the most is not information, rather, it's intuition with a large bit of paranoia mixed in

It takes a paranoid to be suspicious of everything - and in this social-media world that we have today, where everybody shares every bit of their own info to the world - paranoia is becoming a scarce resource

No matter how much info we have shared with our colleagues, no matter how many times we have told them to be ultra careful, you bet someone will get phished, almost in a daily basis, and the local level network will get breached