When fiction’s most famous detective, Sherlock Holmes, needed to solve a crime, he used his sharp observational skills and deep understanding of human nature to face off against his arch-nemesis, Dr James Moriarty, a villain adept at exploiting human weaknesses.
Like Moriarty, cybercriminals use cunning strategies to exploit their victims’ psychological vulnerabilities, often through emails or messages that appear to be from trusted sources such as banks, employers, or friends. These messages may contain urgent requests or alarming information to provoke an immediate response.
For example, a phishing email might claim there has been suspicious activity on a victim’s bank account and prompt them to click on a link to verify their account details. In other cases, individuals are manipulated into divulging confidential information, compromising their own or a company’s security.
Recently, I worked with Shiven Naidoo, a master’s student in data science, to understand how behavioural science and data science could join forces to combat cybercrime.
COMBINING DISCIPLINES
Data science uses scientific methods, processes, algorithms and systems to extract knowledge and insights from structured and unstructured data. The behavioural sciences study human behaviour, considering principles that influence decision-making and compliance.
In our study, we drew extensively from United States psychologist Robert Cialdini’s social influence model, which has been applied in cybersecurity studies to explain how cybercriminals exploit psychological tendencies.
Cybercriminals exploit humans’ tendency to be obedient to authority by impersonating trusted figures to spread disinformation. They also exploit urgency and scarcity to prompt hasty actions, or the tendency to follow the actions of those similar to us.
COMBINING INSIGHTS
Our data consisted of known scams such as phishing and other malicious activities. It’s tough to draw insights from unstructured data. Models can’t easily discern between meaningful data points and those that are irrelevant or misleading (we call it “noisy data”). Data scientists rely on feature engineering to cut through the noise.
We used domain knowledge from behavioural science to engineer and label meaningful features in unstructured scam data. Scams were labelled based on how they used Cialdini’s social influence principles. For example, a phishing email might use the principle of urgency by saying “your account will be locked in 24 hours if you do not respond!”.
The results showed that certain social influence principles such as “liking” and “authority” were frequently used together in scams. We also found that phishing scams often employed a mix of several principles. This made them more sophisticated and harder to detect.
The results gave us valuable insights into how often different types of social influence principles (such as urgency, trust, familiarity) are exploited by cybercriminals.
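The labelling and co-occurrence counting described above can be sketched as follows. This is an added example, not code from the study: the cue patterns, the `social_proof` label (used here for the tendency to follow others) and the sample messages are all constructed assumptions.

```python
import re
from collections import Counter
from itertools import combinations

# Hypothetical cue patterns per social influence principle (assumed for
# illustration; the study's own labelling scheme is not given in the article).
PRINCIPLE_CUES = {
    "authority": r"\b(bank|security team|it department|ceo|tax office)\b",
    "urgency": r"\b(within \d+ hours?|in \d+ hours?|immediately|urgent)\b",
    "scarcity": r"\b(only \d+ left|limited (offer|time)|last chance)\b",
    "liking": r"\b(dear friend|congratulations|valued customer)\b",
    "social_proof": r"\b(others have already|thousands of (users|customers))\b",
}
COMPILED = {name: re.compile(pat, re.IGNORECASE) for name, pat in PRINCIPLE_CUES.items()}


def label_message(text):
    """Return the sorted list of principles whose cues appear in the text."""
    return sorted(name for name, rx in COMPILED.items() if rx.search(text))


def principle_stats(messages):
    """Count how often each principle, and each pair of principles, occurs."""
    singles, pairs = Counter(), Counter()
    for text in messages:
        labels = label_message(text)
        singles.update(labels)
        # labels are sorted, so each pair has one canonical ordering
        pairs.update(combinations(labels, 2))
    return singles, pairs


# Constructed sample messages (not taken from the study's data).
SAMPLES = [
    "Your account will be locked in 24 hours if you do not respond!",
    "Dear valued customer, your bank security team needs you to verify your details.",
    "Congratulations! Limited offer, only 3 left. Thousands of users have claimed theirs.",
    "Message from the CEO: pay this invoice immediately.",
    "Minutes of Tuesday's meeting are attached.",
]

if __name__ == "__main__":
    singles, pairs = principle_stats(SAMPLES)
    for text in SAMPLES:
        print(label_message(text), "<-", text)
    print("principle counts:", dict(singles))
    print("co-occurring pairs:", dict(pairs))
```

The per-message label lists can serve as binary features for a classifier, and the pair counts show which principles tend to appear together in the same message.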
Our results are invaluable for mining insights from complex cybercrime data. This kind of analysis can be used by cybersecurity professionals, data scientists, cybersecurity firms and organisations involved in cybersecurity research to improve automated detection systems and inform targeted training.