Proactive IT Strategy at Thriveon

The Cyber Criminal Facade of Trust

Written by Lori Creighton | 12/5/16 1:00 PM

Trust was the underlying theme for the Manufacturers Alliance seminar “Communication Across Cultures.” Whether job training or team building, the effectiveness of communication relies on trust because that’s what gets the message noticed, makes the message believable, and fuels motivation to respond to the message. Unfortunately, cybercriminals know this, too, and they use it to design cyberattacks and social engineering schemes that lure people into letting down their defenses with a facade of trust.

Cyberthreats and Betrayal of Trust

We click on a link in an email that is supposedly from our bank and we follow their directions. When we see a pop-up that tells us to make our computer faster, we believe it and download. It doesn’t cross our minds that the websites that we routinely visit could also unknowingly drop malware on our machines. If we get a call from someone from Microsoft saying they need to remote into our machine to fix something, we let them. Of course, we would never expect that a PDF attached to an email from someone we know would be harmful.

It’s ironic that although cyberattacks are technical in nature, hackers effectively use manipulation and social engineering tactics to get us to believe their message and respond. How did cybercriminals get so good at gaining trust?

Cyber Criminals Know Their Targets

It’s obvious that cybercriminals have studied their targets. They know their targets’ habits. They know where their targets go on the web and what advertisements they are going to click on. They know the kind of language their targets use, although they don’t get it right all the time. In the case of “spear-phishing,” when a hacker targets one specific person, they know where to find the details about that person and how to use them to develop a false rapport.

Cyber Criminals Craft Messages That Get Response

Knowledge of their target has enabled cybercriminals to craft messages that get responses. Sometimes the message is just mimicking others, as in the case of malvertising. At other times, the message is about a plausible circumstance such as a recent shipment you made, or a request from your bank to secure your account. In instances of spear-phishing, the message could contain very personal details that can easily be found on social media (like the name of the restaurant where you had dinner last night), or it could appear to come from an authority figure in your life, such as the CEO of the company you work for.

Multi-layered Approach to Cybersecurity

A multi-layered approach to cybersecurity provides ways to verify communications as legitimate or suspicious. In the technical layers are spam filters and firewalls that protect you by recognizing sources that are not trusted. For the messages that get through, whether digital, by phone or in person, it takes some education and common sense to sort out the trustworthy from the fraudulent. It’s sad that we are living in a time when we need to be wary of the ways that cybercriminals go after their targets, but if you don’t get pulled into their facade of trust, you won’t believe their message; you won’t respond; and you won’t become a victim.