Sunday, December 6, 2020
  • Phishing Attacks on Your Brand are Unrelenting, AI is the Only Way to Fight Back
  • Germany’s Anti-Semitic Phonetic Alphabet
  • DEF CON 28 Safe Mode Aerospace Village – Allan Tart’s & Fabian Landis’ ‘Low Cost VHF Receiver’
  • XKCD ‘Contiguous 41 States’
  • DEF CON 28 Safe Mode Aerospace Village – Matt Gaffney’s ‘MITM: The Mystery In The Middle’

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Social Engineering 

Home » Cybersecurity » Social Engineering » COVID-19 and Amygdala Hijacking in Cyber Security Scams

COVID-19 and Amygdala Hijacking in Cyber Security Scams

by SEORG on April 9, 2020

What races through your mind when you see “Coronavirus” or “COVID-19”? Fear, anxiety, curiosity… these internal reactions can prompt actions that we may not normally take. Recent attacks have been sending out mandatory meeting invites that ask you to log in to accounts. Others have been receiving emails to put themselves on a waiting list for a vaccine or treatment. The heightened emotions we experience when we see emails, or messages like this, may prompt us to give personal information out more willingly than we usually would. Security awareness takes a back seat as emotion takes over. It’s known as amygdala hijacking. Why does this happen to us?

COVID-19 and Amygdala Hijacking in Cyber Security Scams

Amygdala Hijacking in Cyber Security Scams

The amygdala is a small part of the brain that is largely responsible for generating emotional responses. An amygdala hijack is when something generates an overwhelming and immediate emotional response.

Many common cyber security scams use amygdala hijacking to their benefit. We see this used often in phishing, vishing, SMShing, and impersonation attacks. Chris Hadnagy of Social-Engineer, LLC did a case study on amygdala hijacking in social engineering.

Phishing

Chris sent out 1,000 phishing emails that offered client employees the chance to enter a raffle to win 1 of 10 free iPhones. All they had to do was click on a link and enter the username and password to their computer. Seventy-five percent (750) of the employees clicked the link and entered their domain credentials.

This might seem shocking to those of us reading it. The phishing email itself seemed somewhat obvious. Entering domain credentials in this situation doesn’t seem logical. Why did so many people click? The answer can be traced back to the amygdala. When the employees saw this email with the offer of something free, they became excited. Their emotional response overrode their logic centers, and they clicked.

Vishing

Out of these 750 names, Chris took 25 and called them. He claimed to be tech support for their company and informed them their computer was now laden with malware due to a phishing email that had just been clicked. To fix this he said he would need to direct them to a website where they can download a .exe and install it. He said this was a cleaning tool that would clean up the malware. It was actually a program that allowed Chris to access their desktop remotely. Amazingly, 24 of 25 of the employees downloaded and ran this program!

The emotion used to prompt the desired response this time was anxiety. The employee was nervous that their system had been compromised and was willing to implement the solution when one was offered. These two tests were extremely successful. Imagine if Chris had been a malicious hacker, rather than a hired security professional. He would now have access to 24 computers within this company. The risk and effort put in on his side was low, especially when compared to the payoff.

Amygdala Hijacking During a Pandemic

Keep this study in mind and think about our current world situation. Many feel anxious about loved ones, their health, and economic stability. This setting lends itself to scams that leverage amygdala hijacking. I am sure you can think of a time in the past when scammers used tragedy to their advantage.

News outlets all around are issuing warnings of COVID-19 scams that are circulating. Knowing the tactics is the start of preparing yourself to avoid these scams. We can protect ourselves if we just stop and think. If you feel yourself reacting emotionally to an email or a phone call, just give your brain a moment. By pausing, you will allow your logic functions to start working again and be able to make a more informed decision.

Ask Yourself

If you are not sure if the email is a phishing email or a legitimate one, there are a few things you can ask yourself to help your assessment: Who, what, when, where, and why?

  • Who – Who sent this email? Is it from someone you know and trust? Is it from a service you use? If so, is the email address theirs?
  • What – What is the topic of the email? If it is from someone you know, does it sound like them? If it’s from a service provider, is the grammar correct and the explanation clear?
  • When – When was the email sent? Is it amid a global crisis? Or, early in the morning when you’re still sleepy? Make sure you aren’t clicking because of your current emotional or physical state.
  • Where – Where is this link sending me? Roll over the link to see if it looks legit. If you are unsure, the best action is to go directly to the company’s site. For example, if this is a request for your password reset, simply reset it through their website rather than through the email.
  • Why – Why do I want to click this link? Is there something in the wording that is making me feel a strong emotion? If so, look closely at the link before clicking.

Answering these questions may not give you a definitive answer as to if the suspected email is legitimate or not, but it will give you a better idea. When in doubt, trust your gut if something feels off.

Applying Your Knowledge

Now that you are familiar with amygdala hijacking and how it can be used against you; you are prepared to defend against it. Whether it’s COVID-19 or in any situation, when you receive an email, phone call, or text… just remember to pause and ask yourself, “who, what, when, where, and why?”. These simple questions can help you remain aware of not only your own emotional responses, but what the sender is requesting as well. Being aware keeps the control in your hands.

Sources:
https://news.yahoo.com/coronavirus-cybercriminals-phishing-cyber-181153504.html
https://www.healthline.com/health/stress/amygdala-hijack#overview
https://www.social-engineer.org/framework/attack-vectors/phishing-attacks-2/
https://www.social-engineer.org/framework/attack-vectors/vishing/
https://www.social-engineer.org/framework/attack-vectors/impersonation/
https://www.social-engineer.org/framework/attack-vectors/smishing/
https://www.social-engineer.com/about/
https://www.youtube.com/watch?v=9e6k_PtEXdM
https://www.social-engineer.com/natural-disasters-social-engineer/
https://www.social-engineer.com/free-yourself-from-fud/
https://www.secfedbank.com/sites/default/files/Five%20Examples%20of%20Social%20Engineering.pdf

Image:
http://www.gcs.k12.al.us/coronavirus-covid19/

The post COVID-19 and Amygdala Hijacking in Cyber Security Scams appeared first on Security Through Education.


Recent Articles By Author
  • DEF CON® Kids: Preparing Them for the Future
  • The Danny Ocean of Social Engineer’s
  • Securing Devices at Home and Work
More from SEORG

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by SEORG. Read the original post at: https://www.social-engineer.org/social-engineering/covid-19-and-amygdala-hijacking-in-cyber-security-scams/

April 9, 2020April 9, 2020 SEORG Chris Hadnagy, COVID-19 and Amygdala Hijacking in Cyber Security Scams, General Social Engineer Blog, impersonation, Phishing, smishing, social engineering, vishing
  • ← SANS Internet Storm Center Covid19 Domain Classifier, The Video
  • Analysis of a WordPress Credit Card Swiper →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Michael Clark

Prevent Catastrophic Data Loss in the Cloud

Rich Gardner

CISO Roundtable: What We’ve Heard, and What We’re Looking Forward To

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Brazil Govt’s Huge Leak: Health Data of 243M
Securing the Office of the Future
California Federal Court Weighs In (Again) on Social Media Scraping
Web App Security: Don’t Let the Code Injection Grinch Steal Holiday Joy
U.S. Election Security (and Insecurities)
Drupal Core: Behind the Vulnerability
The Future Of Work: The Hybrid Workforce
VMware Horizon Architecture: Planning Your Deployment
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
“Free” Symchanger Malware Tricks Users Into Installing Backdoor

Upcoming Webinars

Mon 07

The Battle for Container Security

December 7 @ 1:00 pm - 2:00 pm
Tue 08

XDR (Extended Detection and Response): The Next Generation of Protection

December 8 @ 11:00 am - 12:00 pm
Thu 10

Data Security for Contact Centers Leveraging Cloud Technologies

December 10 @ 3:00 pm - 4:00 pm
Mon 14

Issues and Answers in Cloud Security

December 14 @ 1:00 pm - 2:00 pm
Tue 15

3 Things to Get Right for Successful DevSecOps

December 15 @ 3:00 pm - 4:00 pm
Wed 16

Unsolved Problems in Open Source Security

December 16 @ 11:00 am - 12:00 pm
Wed 16

Securing Medical Apps in the Age of COVID-19: How to Close Security Gaps and Meet Accelerated Demand

December 16 @ 1:00 pm - 2:00 pm
Wed 16

Deliver your App Anywhere … Publicly or Privately

December 16 @ 3:00 pm - 4:00 pm
Thu 17

Secure Your Peace of Mind and Your Mobile App While Giving Developers Back Their Happy Coding Time

December 17 @ 11:00 am - 12:00 pm
Thu 17

Solving Kubernetes Security Challenges Using Red Hat OpenShift and Sysdig

December 17 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Why Hackers Love the Pandemic
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Why Hackers Love the Pandemic

December 4, 2020 Chris Hallenback | 2 days ago 0
Security and COVID-19: Securing the New Normal
Cybersecurity Data Security Industry Spotlight Network Security Security Boulevard (Original) 

Security and COVID-19: Securing the New Normal

December 3, 2020 DAVID CANELLOS | 3 days ago 0
Web App Security: Don’t Let the Code Injection Grinch Steal Holiday Joy
Cybersecurity Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Web App Security: Don’t Let the Code Injection Grinch Steal Holiday Joy

December 2, 2020 Ameet Naik | 4 days ago 0

Top Stories

Brazil Govt’s Huge Leak: Health Data of 243M
Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Brazil Govt’s Huge Leak: Health Data of 243M

December 4, 2020 Richi Jennings | 1 day ago 0
Second Swiss Firm Said to Be CIA Encryption Puppet
Analytics & Intelligence Cyberlaw Cybersecurity Featured News Security Boulevard (Original) Spotlight Threat Intelligence 

Second Swiss Firm Said to Be CIA Encryption Puppet

November 30, 2020 Richi Jennings | Nov 30 0
Unisys Adds Visualization Tools to Stealth Platform
Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Unisys Adds Visualization Tools to Stealth Platform

November 30, 2020 Michael Vizard | Nov 30 0

Security Humor

via the comic delivery system monikered Randall Munroe resident at XKCD !

XKCD ‘Contiguous 41 States’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.