Psychological Versus Technical Cyber Attacks

Comparing and contrasting psychological versus technical cyber-attacks is a great way to gain knowledge in the area and better protect oneself from getting hacked.

It is also to understand how the social-psychological, trickery and technical aspects mix and the dynamics they produce, including how each plays a part in a given cyber-attack.

The psychology behind cyber-attacks is often overlooked even by the most prudent cyber citizens and businesses.

The psychological and trickery element can produce fantastic success rates for cybercriminals with very little technical sophistication invested if played right. This cybercriminal strategy can prove more profitable in the long term than more sophisticated medium-scale types of attacks.

Smaller-scale cyber-criminal organizations can perpetuate their malicious acts with much smaller profit margins per successful ‘hack.’ By targeting unsuspecting, less technically inclined users based on researched measures and parameters to determine target groups.

Many of these users cannot afford large payouts, so it is very congruent with this possible cybercriminal strategy to rake in many small payouts, which often amount to mammoth payouts.

Credit: StockPhotoAstur via Canva

Psychological hacking is also known as fake hacking and rightfully so because some hacks may be psychological and have zero or near-zero technical sophistication. A hack on the web is generally understood to be technical in every sense of the term. When zero technical sophistication is employed, then it is, in fact, a fake hack.

Fake Hackers

Fake hackers do not even need to write malware applications, they can simply craft a spoofed email which does not require much sophistication to even zero sophistication. The video may have a compelling title that the researched target group is likely to be interested in, such as How to Save %20 on Every Flight Booked. The video will then present a message to its intended target group (non-technically inclined) that their computer has been hacked (in simpler language sometimes) to wait for a second email for a link to make a payment in the next 2 hours.

The payment may be as low as 25 or 50 dollars, with a warning that the amount doubles every 2 hours if the payment is late. These time limits create a sense of urgency and increase the likelihood that payments are swift and without further delay.

Impersonated Web pages

Another fake hack relates to spoofing well-known web addresses that these target groups may access perhaps a site relating to snowbirds looking for great deals in Florida for the upcoming winter. The hackers can setup a simple webpage add a hyphen or make the name single from plural or vice-versa so it is unlikely to be noticed by the users.

With the growing list of domain extensions this fake hack can become much easier by not even needing to modify the domain name and just switching to another extension. Believe it or not, this can be as simple as copying a known .COM site and buying the .CO for it making it look legitimate and increasing the odds of this simple ‘trick’ or fake hack to work more often.

Once the end-users accesses this spoofed site, a video could be presented telling them that they have been hacked with instructions to make the payment.

Technical Hacks

Technical hacks are far more sophisticated with layers of complexity and can be subject to endless podcasts, blogs, and magazine articles. Those types of hacks are typically designed layer by layer until a very lofty end goal is reached.

The Irony

The irony and twist here are that even the most complex, intricate and sophisticated hacks may have minor to even significant elements of fake hacking playing a role.

Here is one infographic related to common CyberSecurity Mistakes.

Infographic created by MXOtech, a local cloud provider