The Psychology of Phishing | User Training and Why KnowBe4 Works

Oh man, 60 Little Caesars pizzas! That seems legit!

There are a number of ways that one could gain access to your data, but by far the most successful, or the most detrimental depending on how you look at it, is when a user from inside your organization clicks on an innocent, unassuming-looking link or document in an email, thus releasing the Kraken (the malware) onto their PC. This is called phishing. The easiest way to prevent all of this would be to cut all access to the Internet. That’ll work, right?! No? Well then, we had better get to work on learning how to spot a phishing attempt. All of you Tech Riff super-fans will remember that we have previously released a video on how to spot a phishing email. But the fact remains that even though technology changes so quickly, we, you and I, are still our organization’s most vulnerable assets. And we can never be too over-educated on this.

Psychology Behind an Attack

Let’s talk about the psychology behind an attack. We know it’s dangerous, and we know we need to be aware of it. So why do we still do it? What makes us click? A little neurophysiology lesson for you: our emotions and responses are largely controlled by the part of our brain called the amygdala. Hackers prey on our heightened emotions in order to influence our behavior beyond what we know we should do. They actually call this an amygdala hijack. Here’s where they get you:

Stress: The more stressed we are, the more likely we are to click.

Fear: Do this or else.

Pressure: Do this now.

Greed: To claim your millions click here.

Overconfidence: I know how to spot an attack.

Hierarchy: Your boss would like you to do this.

Obedience: Update your records.

Desire to help: The need to please.

The fact is, even though we have known about common phishing attempts for years, behaviors are not changing. Because, well, we’re still human. We need to train our humans. The number one thing that you can do to decrease your human risk is to deploy a training program.

Check out KnowBe4

We highly recommend KnowBe4, and we’ve been using it ourselves for over two years. They have a number of solutions, but at its core, KnowBe4 sets up campaigns to train and then test your users on an ongoing basis. They do this by sending fake phishing emails to all users in your organization. For example, you might receive one that tells you to update your iCloud password, or that you’ve won 60 Little Caesars pizzas. KnowBe4 offers robust reporting that will determine a baseline click score, and then you can track improvement from there. As hackers grow more sophisticated, we need to step up our defenses.
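As an added example (not KnowBe4’s own code or API), here is how the baseline-and-improvement reporting described above can be computed from simulated-campaign results; the campaign names, users, and click/report columns below are constructed for illustration.

```python
# Added example: score constructed simulated-phishing results the way a
# training platform's reporting does -- a baseline click rate, per-campaign
# click and report rates, and repeat clickers who need targeted training.
from collections import defaultdict

# Constructed sample results: (campaign, user, clicked_link, reported_email)
RESULTS = [
    ("baseline",  "alice", True,  False),
    ("baseline",  "bob",   True,  False),
    ("baseline",  "carol", False, True),
    ("baseline",  "dave",  True,  False),
    ("q2-icloud", "alice", True,  False),
    ("q2-icloud", "bob",   False, True),
    ("q2-icloud", "carol", False, True),
    ("q2-icloud", "dave",  False, False),
    ("q3-pizza",  "alice", True,  False),
    ("q3-pizza",  "bob",   False, True),
    ("q3-pizza",  "carol", False, True),
    ("q3-pizza",  "dave",  False, True),
]

def campaign_rates(results):
    """Return {campaign: (click_rate_pct, report_rate_pct)}."""
    sent, clicked, reported = defaultdict(int), defaultdict(int), defaultdict(int)
    for campaign, _user, did_click, did_report in results:
        sent[campaign] += 1
        clicked[campaign] += int(did_click)
        reported[campaign] += int(did_report)
    return {c: (round(100 * clicked[c] / sent[c], 1),
                round(100 * reported[c] / sent[c], 1)) for c in sent}

def repeat_clickers(results, min_clicks=2):
    """Users who clicked in at least min_clicks campaigns (extra-training candidates)."""
    clicks = defaultdict(set)
    for campaign, user, did_click, _report in results:
        if did_click:
            clicks[user].add(campaign)
    return sorted(u for u, cs in clicks.items() if len(cs) >= min_clicks)

def improvement(results, baseline="baseline"):
    """Percentage-point drop in click rate from the baseline to the latest campaign."""
    rates = campaign_rates(results)
    order = []  # campaigns in first-seen order; the last one is the latest
    for campaign, *_rest in results:
        if campaign not in order:
            order.append(campaign)
    return round(rates[baseline][0] - rates[order[-1]][0], 1)

if __name__ == "__main__":
    for name, (click, report) in campaign_rates(RESULTS).items():
        print(f"{name}: {click}% clicked, {report}% reported")
    print("repeat clickers:", repeat_clickers(RESULTS))
    print("improvement since baseline:", improvement(RESULTS), "points")
```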

Having a tool like KnowBe4 can really help. Check out KnowBe4 or others like it, and reach out to us here at Worksighted if you have any questions on how to get started. And that’s it for today’s Tech Riff. Make sure you connect with us on your favorite social, until then stay safe, stay smart.

I’m Killian Smith, take it easy.