If they're in your device ... they're under your skin

"I struggled for money this month and tried to dig myself out – loans, credit cards, extra work. Then I got an email from my bank offering me a credit card with a long interest-free period. I put my details in and waited for a response ...

35% of us have suffered a cyber attack in the last 12 months.

"I never got one. A few days later my bank called me to “query some transactions”. I feel stupid to have clicked on something fake when I'm usually so careful.

"You just never think it’ll happen to you - but they cleaned me out."

Cyber crime is a relatively new phenomenon. But social engineering – often key to cyber criminals’ success – has been around for much longer. Centuries, in fact.

Social engineering involves influencing someone to act against their own best interests, just as the Trojans did.

Social media is easy pickings for cyber criminals. Your work and personal life are laid bare. Combined with information bought on the Dark Web, it lets them create a compelling case as to why you should do something. Even when your gut is telling you not to. This is social engineering in action.

Legend tells us the Greeks left a giant wooden horse outside the city of Troy after a 10-year siege. The Trojans pulled the horse into the city as a symbol of their victory. In that moment, they lost the war. The horse had men hidden inside, who opened the city gates to the Greek army. 

Cyber criminals play on your curiosity, fear, or desire. Worse, they play on your sympathetic nature. And guarding yourself against social engineering sometimes means going against societal norms we’ve practised for decades.

One in five people globally say they’re very concerned about identity fraud, cyber fraud or cyber attacks (19%). [1]

Yet, sometimes we’re our own worst enemy when it comes to protecting ourselves.

Why do we click on things when, deep down, we know we shouldn’t?

Humans have an inherent trust of others and cyber criminals exploit this.

Social engineering attracts criminals because it’s easier to hack humans than systems.

35% of us globally have experienced a type of cyber attack in the last 12 months. [2] The most frequent are internet scams and computer viruses.

Cyber criminals use social engineering to make their attacks as credible as possible.

Many of us are familiar with phishing emails: bogus emails that entice people into giving personal information. The more cyber criminals know about you, the more they can tailor the email. And the more likely you are to open the email and act on it.

But why do cyber criminals constantly bombard us? The short answer is profit.

Once a cyber criminal has access to your computer, they might get access to a list of your friends.

Then they can pose as you to ask for urgent help or charity donations. Or they can pose as a boss or co-worker asking for sensitive information or payments to be made to a corporate credit card.

How do criminals make money from getting access to someone’s computer? Criminals often harvest credit card and banking information from compromised computers, but these are risky and difficult to monetise without getting caught. Ransomware, which is malware that encrypts computers and key files, has rapidly become a more popular method of gaining money from individuals and companies alike. Criminals use this method and ask directly for payment via anonymous Bitcoin [digital currency] transfers to their account.
Aleksei Gornoi, Threat Intelligence and Assurance Lead, Aviva

Will you stop yourself in time?

Fear and desire are powerful. They can override the most rational thinker’s best judgement.

Crude scams offering love or money are unconvincing. But when so much personal information is available on the internet – both illicitly gained and explicitly stated – more nuanced offers look like the real thing.

Say your Facebook profile publicly states that you love retro video games, Nordic city breaks or Pomeranian dogs. Would an email about these things, ostensibly from an organisation you trust, really spark your suspicion?

Or, more seriously, say you’re running short of money and your 'bank' throws a lifeline into your inbox.

Will you stop yourself in time?

[1] Aviva Consumer Attitudes Survey, May 2018
[2] Aviva Consumer Attitudes Survey, May 2018

-------------------------------------------------------------------

Advice on protecting yourself or your business against cyber crime is available from the National Crime Agency in the UK.

Enquiries:

Joe Booth
joe.booth@aviva.com