Humans As An Attack Vector
Human element of cybersecurity
Everyone in cybersecurity plays a part in detecting and mitigating attacks.
If you're an attacker trying to break into a company, you can spend all day hammering on the gates and walls, or you can send a Trojan horse and let phishing do its part.
Humans are generally targeted because of the level of access/information they can provide - websites, mailboxes, databases, etc.
Some threat actors are very selective in their targets, while others spray and pray, breaching as many accounts as they can and deciding how to use them later.
Attacks targeting humans share a common trait: they rely on manipulating the victim into helping the attacker, whether knowingly or not. This tactic is known as social engineering, and it works by exploiting human psychology rather than technical flaws.
Common Human Attack Vectors in Phishing
- Authority
- Urgency
- Fear
- Scarcity
- Curiosity
- Social proof
- Reciprocity
- Reward manipulation
- Cognitive overload
