Why does "phishing" still work?

Tribune. More than two-thirds of US companies have already been forced to pay a ransom to recover data after being infected with malware. More than one in two French companies have been attacked in the same way, sometimes with considerable damage. Most recently, it was the pharmaceutical group Pierre Fabre that was affected, after a series of similar cases in hospitals and local communities.

Why does phishing still work? We know too little about it, but nine out of ten successful operations of this kind target the same link in the system: the human being, whose behavior is harder to control than that of an algorithm …

Mental shortcuts

Hackers know that people are online almost all the time and very often multitask. They take advantage of their tendency, and sometimes their need, to act quickly without really analyzing the details of a situation. They know the mental shortcuts, which are so many loopholes to rush into. The recipient of an email (and 300 billion of them are exchanged every day) is therefore invited to click on a link, encouraged to open an attached document, or even instructed to provide information that seems harmless at first sight. And sometimes it works.

Why? Because the attacker has managed to gain their trust. Research we carried out at the University of Paris-Dauphine-PSL made it possible to identify the mental shortcuts exploited to break down these defenses. The logo of a reputable company, the name of a contact person, a short text and an airy layout: attention is drawn to certain areas of the screen or to keywords, and one feels on familiar ground.

Hackers also know how to ride hot topics, so that their messages seem particularly important at a given moment. No wonder fraudulent emails evoking a contact case among colleagues or anti-Covid vaccines have managed to defeat vigilance in several countries in recent weeks.

With teleworking, which limits informal and direct contact between colleagues, the risks are much higher. Since July 2020, hackers have also started to exploit their targets' old conversations to create new ones. The emails are then signed by familiar contacts, reuse sentences the recipient has already read, and are all the more credible for it.