A Stanford Deception Expert and Cybersecurity CEO Explain Why People Fall for Online Scams

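This article explores the psychology of phishing scams and shows why people are susceptible to them. It analyzes how factors such as stress, anxiety, and social relationships affect decision-making and make people targets for hackers, and it offers strategies for recognizing and defending against phishing.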



By Tim Sadler and Jeff Hancock


We all know the feeling, that awful sinking in your stomach when you realize you’ve clicked a link that you shouldn’t have. Maybe it was late at night, or you were in a hurry. Maybe you received an alarming email about a problem with your paycheck or your taxes. Whatever the reason, you reacted quickly and clicked a suspicious link or gave away personal information before realizing you had made a dangerous mistake.


You’re not alone. In a recent survey conducted by my company Tessian, 43% of people admitted to making a mistake at work that had security repercussions, while nearly half (47%) of people working in the tech industry said they’ve clicked on a phishing email at work. In fact, most data breaches occur because of human error. Hackers are well aware of this and know exactly how to manipulate people into slipping up. That’s why email scams — also known as phishing — are so successful.


Phishing has been a persistent problem during the COVID-19 pandemic. In April, Google alone saw more than 18 million daily email scams related to COVID-19 in a single week. Hackers are taking advantage of psychological factors such as stress, social relationships, and uncertainty that affect people’s decision-making. Here’s a look at some of the psychological factors that make people vulnerable and what to look out for in a scam.


Stress and Anxiety Take a Toll

Hackers thrive during times of uncertainty and unrest, and 2020 has been a heyday for them. In the last few months they’ve posed as government officials, urging recipients to return stimulus checks or unemployment benefits that were “overpaid” and threatening jail time. They’ve also impersonated health officials, prompting the World Health Organization to issue an alert warning people not to fall for scams implying association with the organization. Other COVID scams have lured users by offering antibody tests, PPE, and medical equipment. Where chaos leads, hackers follow.


The stressful events of this year mean that cybersecurity is not top of mind for many of us. But foundational principles of human psychology suggest that these same events can easily lead to poor or impulsive decisions online. More than half (52%) of those in our survey said that stress causes them to make more mistakes. The reason for this has to do with how stress impacts our brains, specifically our ability to weigh risk and reward. Studies have shown that anxiety can disrupt neurons in the brain’s prefrontal cortex that help us make smart decisions, while stress can cause people to weigh the potential reward of a decision over possible risks, to the point where they even ignore negative information.


When confronted with a potential scam, it’s important to stop, take a breath, and weigh the potential risks and negative information, such as suspicious language or misspelled words. Urgency can also add stress to an otherwise normal situation — and hackers know how to take advantage of this. Look out for emails, texts, or phone calls that demand money or personal information within a very short window.


Hacking Your Network

Some of the most common phishing scams impersonate someone in your “known” network, but your “unknown” network can also be manipulated.


Your known network consists of your friends, family, and colleagues — people you know and trust. Hackers exploit these relationships, betting they can sway someone to click on a link if they think it’s coming from someone they know. These impersonation scams can be quite effective because they introduce emotion to the decision-making process. If a phone call or email claims your family member needs money for a lawyer or a medical procedure, fear or worry can replace logic. Online scams promising money add greed into the equation, while phishing emails impersonating someone in authority or someone you admire, such as a boss or colleague, cloud deductive reasoning with our desire to be liked. The difference between clicking a dangerous link and deleting the email can involve simply recognizing the emotions being triggered and taking a second look with logic in mind.


Meanwhile, the rise of social media and the abundance of personal information online has allowed hackers to impersonate your “unknown” network as well — people you might know. Hackers can easily find out where you work or where you went to school and use that information to send an email posing as a college alumnus to seek money or personal information. An easy way to check a suspicious email is by looking beyond the display name to examine the full email address of the sender. Scammers will often change, delete, or add on a letter to an email address.
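The sender check described above, as an added example that is not part of the original article: it parses a From header, looks past the display name, and flags an address that is one changed, deleted or added letter away from a known contact. The contact list, sample addresses and function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed address book: display name -> the contact's real address.
KNOWN_CONTACTS = {
    "Alumni Office": "alumni@example.edu",
    "Jane Doe": "jane.doe@example.com",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: counts changed, deleted and added letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # letter deleted
                           cur[j - 1] + 1,              # letter added
                           prev[j - 1] + (ca != cb)))   # letter changed
        prev = cur
    return prev[-1]


def check_sender(from_header: str, contacts=KNOWN_CONTACTS) -> str:
    """Classify a From header by its full address, not its display name."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    if not addr:
        return "unparseable"
    known = {a.lower() for a in contacts.values()}
    if addr in known:
        return "known"
    # One letter away from a real contact's address: the tampering the
    # article describes (a letter changed, deleted or added).
    if any(edit_distance(addr, k) == 1 for k in known):
        return "lookalike-address"
    # Familiar display name sitting on an address that is not the contact's.
    if display.strip().lower() in {n.lower() for n in contacts}:
        return "display-name-mismatch"
    return "unknown"


if __name__ == "__main__":
    for header in ("Alumni Office <alumni@example.edu>",
                   "Alumni Office <alumni@examp1e.edu>",
                   "Jane Doe <jd.payments@mail.test>"):
        print(f"{header!r:45} -> {check_sender(header)}")
```

A result of "known" only means the address text matches; the From header itself can be forged, so mail authentication results (SPF, DKIM, DMARC) still matter.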


The Impact of Distraction and New Surroundings

The rise of remote work brought on by COVID-19 can also impact people’s psychological states and make them vulnerable to scams. Remote work can bring an overwhelming combination of video-call fatigue, an “always on” mentality, and household responsibilities such as childcare. In fact, 57% of those surveyed in our report said they feel more distracted when working from home. Why is this a problem from a cybersecurity standpoint? Distraction can impair our decision-making abilities. Forty-seven percent of employees cited distraction as the top reason for falling for a phishing scam.


While many people tend to have their guard up in a physical office, we tend to relax at home and may let our guard down, even if we’re working. With an estimated 70% of employees working from home part or full time due to COVID-19, this creates an opportunity for hackers.


It’s also more difficult to distinguish between a legitimate request and something from an impersonator when you’re not in the same office as a colleague. One common scam impersonates an HR staff member to request personal information from employees at home. When in doubt, don’t click any links, download attachments, or provide sensitive data such as passwords, financial information, or a Social Security number until you can confirm a request with a colleague directly.


Self-Care and Awareness

These scams will always be out there, but that doesn’t mean people should constantly worry and keep their guard up — that would be exhausting. A simple combination of awareness and self-care when online can make a big difference.


Once you know the tactics a hacker might use and the psychological factors such as stress, emotions, and distraction to look out for, it will be easier to spot an email scam without the anxiety. It’s also important to take breaks and prioritize self-care when you’re feeling stressed or tired. Step away from the computer when you can and have a conversation with your manager about why the pressure to be “always on” when working remotely can have a negative impact psychologically and create cybersecurity risks. By understanding why people fall for these scams, we can start to find ways to easily identify and avoid them.


Tim Sadler is the CEO of Tessian, and Jeff Hancock is the Harry and Norman Chandler Professor of Communication at Stanford University.


Translated from: https://medium.com/fast-company/a-stanford-deception-expert-and-cybersecurity-ceo-explain-why-people-fall-for-online-scams-e6be5c8b7473
