Why employees keep falling for phishing (and the science to help them)

I once received an email from a concerned individual who had contacted me through the email system of a forum for company directors. The emailer told me they had found a fake Facebook page showing me in a less-than-professional light. The fake Facebook page existed (I checked) and it was awful and damning. The person wanted to engage with me to help me “take the page down” (for a fee). This elaborate phishing scam was put together, playing on potential concerns I might have over embarrassing and unflattering portrayals of my personal life. The scammer played on typical human behavior triggered by shame and embarrassment. They contacted me via a professional body and used my trust in that body to cement their claim. The scam didn’t work in my case, but so often, fraudsters turn to human psychology to perpetrate a crime.

For far too long, the human in cybersecurity was forgotten. Whenever cybersecurity was discussed, it was about how hackers break into systems using their technical expertise. Whilst this is true to an extent, the underlying pulleys and levers behind cybersecurity incidents such as phishing are ultimately down to the human in the machine.

What is it about humans that

Read More: https://resources.infosecinstitute.com/topic/why-employees-keep-falling-for-phishing-and-the-science-to-help-them/