Despite endless awareness training, cyber risk still slips through the cracks. 60% of breaches trace back to human actions. It’s time to move beyond checklists and cultivate a lasting security culture, where smart habits and shared vigilance become part of every day. In this post, we’ll share simple tips to help you stay balanced, protect your well-being, and keep your energy strong for the challenges ahead.
Three Common Patterns to Recognize
Social engineering is when a malicious actor attempts to manipulate the emotions of another party to compromise assets. Detecting it requires analyzing behavior for three key patterns.
- Unusual Transfer of an Asset.
  Fraudsters aim to get you to transfer something of value: money, data or inventory.
- Unusual Granting of Access or Control.
  Illicit access is often the first objective, e.g., holding the door for someone, running a computer program or simply clicking "OK".
- Intelligence and Bona Fides Collection.
  Fraudsters ask questions to gather information that enables fraud elsewhere in the organization.
Key Red Flags to be Aware of
1. Fraudsters must initiate contact
Sophisticated attackers will go to great lengths to make initiation less suspicious, creating a problem that requires a user to initiate contact or to seem to initiate contact in a normal process. Ensure requests are genuine through extra verification:
- Employees never ask for access, control or privileged information when contacting a user or customer unless via secure channels.
- Users/customers initiating a request must prove their identity and authority before the request can be processed.
2. Who Is Receiving What
In all fraud patterns, the fraudster receives something such as an asset, access or information. When requests deviate from SOPs and include justifications, they often signal potential fraud.
3. Unusually Stressful and Urgent Interactions
False urgency pushes people to ignore normal approval pathways. Stressors to watch for:
- Attempts to create unreasonable urgency: deadlines, ultimatums
- Fear of loss: "Act now" or "Be the first to respond"
- Fear of consequences: "This is bothering the bosses; we need you to..."
- Abnormal or intense background stressors: couples fighting, traffic, crying babies
- Attempts to trigger an emotional response: crying (to trigger empathy) or shouting (to trigger fear of aggression)
- Appeals for a "rescue": only you can help save the fraudster from consequences
Build a Security-Conscious Culture
Many organizations operate on a "just get it done" mindset that makes them vulnerable. It must be okay to escalate or validate unusual requests. Cybersecurity leaders should guide employees to recognize the underlying patterns and red flags in these scenarios. Crowe’s cyber security awareness provides guidance to design and launch a Security Champion Program that helps organizations move beyond basic training and create a culture where everyone in the organization makes safer choices.