The psychology of phishing: how carders use psychological techniques to deceive users and how to resist them

Tomcat

Tamara Chechetkina, head of marketing for information security at VK, told KP.RU how to avoid becoming a victim of carders.

Every phishing attack is built on the carders' methods of psychological influence on a person. Whatever technical implementation the carders choose, they always aim to make the victim perform the action they need: clicking a link, downloading and launching a malicious attachment, entering confidential data or transferring money. To make the deception work as reliably as possible, they put the person into a state in which every action is driven by emotion.

What is social engineering?
In information security, the term social engineering refers to a set of manipulative methods and techniques for influencing a person in order to obtain their personal data and confidential information. Essentially, it is a body of knowledge from sociology and psychology that allows one to predict and steer people's behavior by playing on their emotions, feelings, fears and reflexes.

Curiosity, greed, pity and fear are the main feelings and emotions that carders exploit in phishing attacks in order to capture the victim's attention and switch off an objective, logical perception of reality. Combined with factors such as urgency, irritation or authority, they amplify the emotional effect and the inattention. "Everything was in a fog," "I don't understand how it happened," "I did everything automatically": this is how victims of phishing attacks most often recall their actions, describing a state close to affect (emotional overload).

How does this happen?
Curiosity. These are various messages that intrigue the recipient, fueling their interest in what is hidden behind the link: "Do you want to know more?", "Isn't that you in the photo?", "I have a unique offer for you."

Greed. These are various messages about prizes and benefits, which are also fueled by the effect of urgency. Discounts, promotions, sweepstakes and winnings that have found you and are valid only now: you just need to follow the link, log in and enter your bank card details for crediting. This also includes promises of big money for easy work.

Pity. One of the most insidious carding schemes is built around the desire to help: "We need to raise money for an operation," "Help the shelter survive," "Help win a competition," etc.

Fear. This motive is very often combined with the factors of authority and urgency, for example letters from government organizations or messages from the boss in which the recipient is required to do something urgently, including to prevent trouble: "Pay the fine urgently," "Urgently transfer money to the company's account," "Urgently study the document in the attachment," etc. This is how the endless stream of scams built on notifications about fines, taxes, debts, personal accounts, etc. works.

How can you tell if it's phishing?
Along with the main technical signs of a phishing attack (imitation of sender names, style and design; the presence of a link or attachment), it is always necessary to critically evaluate the content and the psychological component of the message:
- What emotion does it evoke in me?
- Is there an emphasis on urgency?
- Why am I being asked to perform this or that action?
- Do I need to follow a link or open a sent document?

Before you take any action prompted by the message, first answer these questions for yourself and, if you doubt anything, take a break and think about how you can check the information received. Is it possible to contact the sender in an alternative way, for example to call and confirm whether they really wrote to you, or to go to the company's official website and check the terms of the promotion or the reason for the notification?
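The checklist above can be turned into a simple triage helper. The following is an added example, not code from the article or from VK: it takes one message, looks for the technical signs the article names (a display name that imitates another sender, a link or attachment) and the psychological hooks it lists (curiosity, greed, pity, fear, plus urgency), and returns the findings with the article's verdict of "pause and verify through another channel". The trigger phrases, the sample message and the addresses in it are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Hooks the article names, keyed to phrases it quotes (constructed lists, not exhaustive)
TRIGGERS = {
    "curiosity": ["want to know more", "you in the photo", "unique offer"],
    "greed": ["prize", "winning", "discount", "promotion", "easy work", "card details"],
    "pity": ["raise money", "help the shelter", "help win"],
    "fear": ["pay the fine", "transfer money", "debt", "taxes", "study the document"],
}
URGENCY = ["urgent", "immediately", "only now", "within 24 hours", "right now"]
LINK_RE = re.compile(r"https?://\S+", re.IGNORECASE)
DOMAIN_RE = re.compile(r"[\w.-]+\.[a-z]{2,}")

def analyze(from_header, subject, body, attachments=()):
    """List the article's phishing signs found in one message (heuristic, not proof)."""
    text = f"{subject}\n{body}".lower()
    findings = []
    name, addr = parseaddr(from_header)
    real_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # Technical sign: the display name shows an address/domain that differs from the real sender domain
    for shown in DOMAIN_RE.findall(name.lower()):
        shown_domain = shown.rsplit("@", 1)[-1]
        if shown_domain != real_domain:
            findings.append(f"sender imitation: shows {shown_domain}, sent from {real_domain}")
    # Technical sign: a link or attachment the recipient is asked to act on
    if LINK_RE.search(text):
        findings.append("contains a link")
    if attachments:
        findings.append("contains attachment(s): " + ", ".join(attachments))
    # Psychological component: which emotion is played on, and whether urgency is stacked on it
    for emotion, phrases in TRIGGERS.items():
        hits = [p for p in phrases if p in text]
        if hits:
            findings.append(f"plays on {emotion}: {hits}")
    if any(u in text for u in URGENCY):
        findings.append("pressure: emphasis on urgency")
    return findings

def verdict(findings):
    """Article's rule: a technical sign plus an emotional hook or urgency means verify first."""
    technical = any(f.startswith(("sender imitation", "contains")) for f in findings)
    pressure = any(f.startswith(("plays on", "pressure")) for f in findings)
    if technical and pressure:
        return "pause and verify via another channel"
    return "be critical, check details" if findings else "no listed signs"

# Constructed sample in the article's "fear + authority + urgency" pattern
SAMPLE = dict(from_header="tax.gov.example <notify@relay-4421.example.net>",
              subject="URGENT: pay the fine within 24 hours",
              body="Your account has a debt. Study the document and pay at https://pay.example.net/x",
              attachments=("notice.pdf",))
```

Run `verdict(analyze(**SAMPLE))` to see the sample flagged for sender imitation, a link, an attachment, fear and urgency.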

Phishing is basically a mass email campaign, and attackers pick topics for their messages that can be understood by, and applied to, the largest number of people. Where there is mass demand and excitement, there are more opportunities to deceive. Therefore, the most important protection against carding activity is vigilance and attentiveness.

Targeted attacks
Another of the carders' main psychological tricks is the principle of trust built on knowledge. Remember that carders prepare carefully for targeted attacks: they collect information from open sources and personalize their messages for each new victim in order to look as believable as possible. Therefore, if a letter addresses you by your first and last name and quotes personal information, for example your email, phone number or residential address, that is not a reason to immediately believe everything written in it. Be critical of what is written there.

If a suspicious message arrives on a social network or instant messenger from your friend, colleague or boss, do not forget that attackers can either hack or clone their account. So do not rush to answer, and certainly do not take action: call or write to this contact through another messenger to find out all the details.

How to avoid falling for carders' tricks:
- The most important thing is to critically evaluate any incoming information. If you are in doubt or feel that you are being pushed by the urgency of a decision, take a break and do not rush to answer. Remember that the very first sign of dealing with carders is their persistence.
- Check the sender and the information received in some alternative way, and check all the details against other sources.
- Follow the news about current carding schemes and follow simple cyber hygiene rules.

(c) https://www.kp.ru/daily/27607/4934207/