Helpful information

A few things that you can do to enjoy a safer online experience.

Clicking Without Thinking Is Reckless... Yes don't click on anything you see! Ok ok.. We all know that right? Here's a few more. You're welcome   :)

Use Two-Factor Authentication... Not sure what this is? Something every computer user should know. Google how to set it up and use it.

Look Out for Phishing Scams... Uhmmm that looks like your email or banking... but is not!

Keep Track of Your Digital Footprint... Identity theft anyone? The saying I have nothing to hide is plain silly. We all have secrets somewhere. If you don't want it getting out, don't post it online. This goes for chat applets too.

Keep Up With Updates... Always keep your operating system and software up to date. This goes without saying, even though some updates can be buggy, the pros far outweigh the cons. Keeping up to date helps keep your operating system safe... yep this goes for Mac users too!

Connect Securely... Always whenever possible connect to secure websites especially when making transactions, even filling in your information that may not seem important to you - it is to someone else.

Secure Your Mobile Device... That option to lock your phone? Yep probably a good idea! Ok, now that goes without saying but there are other security options within your mobile, be sure you check them out.

Beware of Social Engineering. This falls in to different categories really but.. Ok, for lack of better words. Please explain Google... "the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes." Thank you Google.

Really in part the point of that is if you're not sure of something look it up. You can find all kinds of information online to help protect yourself online and, through sharing of information (ahem you can use this site too), those around you.

Dan and the Microdyne Team.

The Psychology of Cybercrime: How Hackers Hack Your Mind 

The Modern Landscape of Social Engineering: A Growing Threat

Social engineering is evolving rapidly, with cybercriminals using increasingly sophisticated methods to manipulate individuals and gain access to sensitive information. From phishing emails to browser hijacks, cybercriminals are no longer just targeting high-risk sites but are infiltrating seemingly innocent activities, like searching for recipes. At my business, Microdyne Computer Services, I’ve seen a sharp increase in these types of attacks, particularly through browser hijacks that lock users out of their systems.

In this article we will explore the most common forms of social engineering and manipulation, highlight a real-world case from my business, and explain how scammers manipulate victims using various tactics. At the end, I’ll reveal the most common online search that people have fallen victim to in the past months. The result may surprise you. We’ll also delve into the psychological biases that criminals exploit to their advantage.

Additionally, I have attempted to structure this article with some repetition on key points to help readers remember; giving them the ability to recognize the issues discussed when they come across them. If this article helps just one person; mission accomplished.

Types of Social Engineering Attacks

Social engineering comes in many forms, each designed to trick individuals into making poor decisions that compromise their security. At my business, I regularly encounter clients falling prey through these primary attack vectors:

• Phishing Emails: These are fraudulent messages designed to appear as though they come from trusted entities like banks or government agencies. With advances in artificial intelligence, these emails are becoming more convincing and professional. Instead of the crude, misspelled messages of the past, today’s phishing emails may use company logos, personalized greetings, and legitimate sounding language. The goal is to steal sensitive information, like usernames, passwords, and financial data.
  Browser Hijacks: Recently, a significant number of my clients have fallen victim to browser hijacks while performing what would typically be harmless activities, such as searching for tablecloths, In these cases, the victim unknowingly clicks on a malicious link, triggering a pop-up that locks their screen. The message often claims to be from Microsoft or a well known antivirus company, insisting that their computer has been compromised. The victim is urged to call a fake support number or click a link, leading them deeper into the scam.
  Phone Calls: Phone-based social engineering, or "vishing," is another common attack. The victim receives a call from someone pretending to be a representative from a trusted organization, such as a bank or tech support. The scammer creates the belief of an urgent problem, such as a compromised account or system error, leading the victim to provide sensitive information or follow specific instructions that ultimately benefit the scammer.

A Real-World Example: The Microsoft Scam 

Recently, a woman came into my business, after falling victim to a sophisticated browser hijack while simply searching for a recipe. The attack locked her screen with a fake alert claiming to be from Microsoft, warning her that unusual activity had been detected on her computer. The message urged her to call a support number immediately. These messages often speak of severe consequences if an individual doesn’t comply, and quickly. These scams often emit alarming audio further scaring the victim.

When she called the number, she was connected to someone posing as a Microsoft technician. The scammer falsely claimed that her bank account had been compromised. In a chilling escalation, the scammer pretended to transfer her call to her bank’s head office. The person on the other end told her the breach appeared to be an inside job at her bank, and urged her not to alert her bank, or she would lose all her money. She was instructed to withdraw a large sum of money, to make up an excuse for the transaction if questioned, and to follow their guidance. Their guidance turned out to be an adventure as the criminal couldn’t obtain what he wanted, and had her keep trying various approaches. 

This "adventure" consumed the better part of her day, and by the time she realized it was a scam, she had already lost a substantial amount of money. Because she had withdrawn the cash herself, she was initially unable to recover her funds due to banking policies.

At my business, Microdyne Computer Services, I examined her computer for information to back up my client’s claim and created a report for the bank, and information on remediation steps taken. Thankfully, after sending a formal letter with my incident findings, the bank was able to help her, although this is often not the case, especially when cash is taken out and no ability to track where it went. This is becoming more and more common with banks less able to help with these specific events.

Something as simple as searching for a recipe can lead to trouble, as in my clients case. This case also clearly underscores the randomness of these attacks. Gone are the days of just being careful and staying off “bad” sites. Cybercriminals know where we go and what we search for.

Manipulation Methods Used by Social Engineers

Cybercriminals don’t just rely on technical vulnerabilities, they target human behavior. They are experts at manipulating victims through a variety of tactics that cause people to act against their own best interests. This is known as social engineering, or social engineering and manipulation, which is the most common form of attack whether it be a browser hijack, email, phone call, or the many other forms of compromise. At my business, I frequently see these common manipulation strategies:

• Impersonation: Scammers often pretend to be authority figures, such as representatives from Microsoft, your bank, or even government agencies. This creates a sense of trust and compliance, as people tend to follow instructions from perceived authority figures without question.
  Fear and Panic: One of the most effective ways to manipulate people is through fear. Cybercriminals create a sense of urgency, warning the victim that their bank account, personal data, or computer is in immediate danger. When people are frightened, they are less likely to think critically about the situation.
  Isolation: Scammers often try to isolate their victims, preventing them from asking others for advice or confirmation. In the Microsoft scam example, the attacker convinced the victim not to notify her bank, under the guise that the threat was an inside job. This isolation allows the scammer to maintain control of the situation.

Cognitive Biases: The Hidden Tools of Social Engineers

Because there are many, we'll stick to a few of the most common biases.

Regardless of one’s technical skills, people are often tricked by social engineering attacks, like phishing emails, because these scams exploit trust and urgency. Attackers know how to craft messages that appear legitimate, prompting victims to act quickly without thinking critically.

By knowing how these cognitive biases work, individuals can better recognize when they’re being targeted by scams. This awareness helps us make more informed decisions, reducing the risk of falling victim to such attacks both at home and in the workplace.

Beyond general manipulation tactics, cybercriminals exploit well-known psychological tendencies called cognitive biases. These are mental shortcuts that everyone uses to make decisions quickly, but they can lead to poor judgment, especially when someone is stressed or under pressure.

Urgency Bias

Urgency bias causes people to make hasty decisions when they believe time is running out. Scammers know this and frequently create a sense of immediate danger, pushing victims to act without thinking. In the Microsoft scam, the victim was told that her bank account had been compromised and that she needed to act right away to prevent catastrophic loss. The urgency overwhelmed her ability to consider alternative solutions or verify the legitimacy of the claim.

Scarcity Bias

Scarcity bias convinces people that a resource, whether it be time, money, or access to services, is running out. For example, a scam email might tell the victim that their account will be locked permanently unless they act now. This makes the victim feel like they have no choice but to comply, even though the threat is entirely fabricated.

Authority Bias

Authority bias leads people to follow instructions from individuals they perceive as authority figures, even if it goes against their better judgment. In many scams, the attacker pretends to be a bank representative, law enforcement officer, or tech support agent. Victims are more likely to follow their directions because of the inherent trust we place in these roles.

For simplicity, these are just a few of the most common biases used by criminals. There are many more but I am with hopes the key information for most people included here.

Stress and Decision-Making

When we’re under stress, such as when my client believed her bank account had been hacked and or her computer had been compromised, we tend to make poor decisions. Stress impairs critical thinking and makes us more susceptible to manipulation. Cybercriminals exploit this by creating high pressure scenarios where the victim feels overwhelmed, and thus more likely to fall back on cognitive biases to make quick decisions. In the Microsoft scam example, the victim was under intense stress for hours, preventing her from questioning the scammer's motives or actions. Running on emotion, the scammer had her going complying to one instruction after another.

Why Social Engineering Scams Work: cybercriminals Know Us Better Than We Know Ourselves

Cybercriminals don’t just rely on exploiting technical weaknesses; they understand human psychology in this area very well, and how we behave under stress. By studying patterns of human behavior, cybercriminals can tailor their scams to exploit cognitive biases.

Scammers also often know more about their victims than the victims themselves, thanks to the large amount of data leaks, from security breeches, and publicly available information online such as social media. These criminals use personalization to create a sense of familiarity and trust, making their fraudulent claims seem more legitimate.

In the Microsoft scam, the victim felt as though the attackers knew her situation intimately, which made her more willing to follow their instructions. This personalization, combined with psychological manipulation, makes social engineering one of the most dangerous forms of cybercrime today.

How to Protect Yourself: Practical Tips from Microdyne Computer Services

1. Verify the Source: Always verify the legitimacy of any email, phone call, or pop-up. Contact the organization directly through official channels, such as their website or customer support line, rather than responding directly to the message or call. Even if a number looks correct when receiving a call, phone numbers can be spoofed. Additionally, ensure the website you go to is legitimate. Take the time to learn how to do this.

2. Stay Calm and Don’t Rush: Scammers rely on urgency and panic to make you act hastily. Take a step back, evaluate the situation, and give yourself time to think before taking any action.

3. Secure Your Devices: Install reputable antivirus and anti-malware software and keep your systems up to date. This is a basic first step towards keeping your system safe. At my business, Microdyne Computer Services, I provide guidance on the best security practices to help you stay protected.

4. Trust Your Instincts: If something feels wrong, often enough it is. Whether it’s an email from a supposed friend asking for money or a pop-up claiming your computer is infected, trust your instinct and investigate before acting.

5. Stay Informed: Knowledge is your best defense. Stay educated about common scams and social engineering techniques, so you can recognize them when they happen.

Key Takeaways:

Social engineering is a dangerous and evolving trick that cybercriminals use most commonly and is becoming more complex with real science behind their craft. Although there are technical attacks that do not require human intervention, social engineering and manipulation is by far the most common attack vector today. 

The information obtained through these methods from a scammer can later be used to scam a victim again, using a completely different approach. This could be identity theft or using a victims credibility to scam others, and the list goes on.

The key to avoiding these attacks lies in awareness and vigilance. By understanding how scammers use social engineering to operate, how they exploit cognitive biases, along with a few basic steps you can better protect yourself from falling victim to these sophisticated scams, reducing your threat landscape dramatically. As the saying goes, knowledge is power. You don’t need to have a degree in computer science to keep yourself safe. 

Many of us cringe at the thought of learning basic computer safety. If you already know how to check your email, use Facebook, or watch your favorite cat videos on YouTube, learning good cyber hygiene for most of us is just as easy, and well worth the time invested. Basic computer safety awareness for most of us is often all that is required to stay safe in today’s digital age.

In the beginning of this article I mentioned I would reveal the most common search people used where today's topic was most exploited. That search is (drum roll please)… recipes. As I mentioned earlier, this search in itself among the various others out there seriously underscores the randomness of these attacks.

If you find this information useful or know someone who may, save this article and share with others such as loved ones, family or friends.

Stay safe. Stay secure.

Dan Dueck,

Microdyne Computer Services. 

From Playgrounds to Profiles: A Philosophical Exploration of Social Media’s Impact

As we journey down memory lane, we find ourselves at the intersection of nostalgia and modernity, contemplating how technology, particularly social media, has redefined human connection. For those of us who grew up in an era before smartphones, the tangible warmth of gatherings, be it on playgrounds, in backyards, or at coffee shops, held a sacred place in our lives. These shared experiences forged bonds that felt immediate and real. Today, however, while we still cherish face-to-face interactions, much of our communication has migrated online, prompting a profound inquiry into what it means to connect in the digital age.

Social media platforms serve as both bridges and barriers. They enable us to reach out and touch the lives of friends and family scattered across the globe, cultivating relationships that may have otherwise withered. Yet, in this expansive digital landscape, we must ask ourselves: Does the convenience of online connection replace the depth of genuine human interaction?

While social media can facilitate connection, it often fosters superficial engagements, likes and shares that lack the substance of face-to-face dialogue. This raises critical questions: Are we truly connecting?

In our quest for connection, we trade snippets of our lives for likes and follows. The paradox of privacy is a central theme in this narrative. Social media thrives on the personal details we willingly share, yet these same disclosures expose us to risks we may not fully comprehend. Each post, each check-in, leaves a digital footprint, creating a profile that can be exploited by entities we may never meet.

From a philosophical standpoint, we grapple with the implications of this trade-off. Are we sacrificing our individuality and privacy for the ephemeral gratification of social validation? In the age of surveillance capitalism, where our data fuels an industry driven by profit, we must navigate the delicate balance between openness and security.

Consider the cell phone, that ubiquitous device which has become an extension of ourselves. The benefits are undeniable: immediate access to information, navigation assistance, and a platform for self-expression. Yet, as we cradle these devices, we must confront their darker sides.

Psychologically, the constant availability of our phones can lead to a state of perpetual distraction. This “always-on” mentality disrupts our ability to engage fully with the present moment, diminishing our capacity for deep, meaningful interactions. Studies suggest that the more we rely on digital communication, the less adept we become at reading social cues, a vital component of empathy and understanding. As we retreat into the glow of our screens, we risk losing the richness of in-person relationships that once defined our social lives.

A Personal Perspective: Voices from Microdyne

In my role at Microdyne Computer Services, I’ve had the privilege of engaging with a diverse array of clients, each with unique perspectives on technology's role in their lives. It’s not just about business for me, it’s about people. Some embrace social media for its ability to connect them with distant friends or provide platforms for advocacy, while others express disillusionment, lamenting the erosion of authentic relationships.

This tapestry of opinions invites deeper reflection on the nature of connection itself. Are we, in our pursuit of connection, inadvertently creating environments that breed loneliness? The answer may lie in our ability to cultivate digital spaces that foster authenticity and vulnerability, allowing us to bridge the gap between online interactions and real-world connections.

I invite you, to reflect on your relationship with social media and technology. How has it shaped your interactions with others? Do you feel more connected or more isolated in this digital landscape? Moreover, if you have specific topics related to technology that pique your curiosity, I encourage you to reach out to me at dan@microdynecomputers.org. I’m committed to exploring these questions alongside you, drawing from both my experiences over the time of my professional career, and research, ongoing learning to help provide thoughtful insights. Together, we can navigate this complex terrain and uncover the truths that lie beneath the surface of our digital lives, together, helping us all better understand. With knowledge and awareness, comes the power to transform our digital landscape and personal lives in ways that enhance our overall collective well-being. 

Dan Dueck
Microdyne Computer Services

The temptation of easy money: How Cybercriminals Lure People into Their Ranks

When clients come to me after experiencing a cyberattack, their frustration often leads them to ask, “Why would someone do this? Don’t they have better things to do?” It's a natural reaction, one rooted in disbelief. However, the motivations for engaging in cybercrime are far more complex than mere mischief or boredom. Cybercriminals expertly prey on human weaknesses, enticing people with promises of easy money, low risk, and a seemingly foolproof chance of avoiding capture.

I often share a simple scenario to illustrate the mindset: If you could make $10,000 a day, with no risk of getting caught, would you do it? The responses are varied. Some firmly reject the idea, but many hesitate, acknowledging the temptation even if they wouldn’t act on it. This reveals a critical truth: when the reward feels immense and the risks negligible, even morally upstanding individuals might question their resolve.

Why Do People Get Involved in Cybercrime?

While ethics certainly influence an individual’s decision to avoid criminal behavior, financial pressure often tips the scales. Cybercrime presents a seemingly irresistible opportunity for those who are struggling or seeking a quick way out of financial insecurity. For many, it’s not about a love of crime, it’s about survival, or the allure of a “new life” where financial worries disappear.

The accessibility of cybercrime is another key factor. Unlike traditional crimes that may require physical presence or specialized tools, many forms of cybercrime require minimal skills. A person with no technical background can quickly be trained to participate in fraudulent schemes, such as handling stolen credit card details or making phishing calls. The more sophisticated aspects of cyberattacks, such as the actual hacking, are often outsourced to more technically skilled criminals, allowing others to perform entry-level tasks and start earning significant money almost immediately.

The appeal is clear: easy entry, minimal effort, low risk of capture, and potentially huge financial gains.

Cybercrime Isn’t Just a Foreign Threat

When we think of cybercrime, it’s easy to imagine shadowy figures operating from distant locations, backed by foreign governments or criminal organizations. While such large-scale, state-sponsored cyberattacks do exist, much of the cybercrime affecting individuals and businesses happens right in our own backyards.

Local cybercriminals, often disillusioned by traditional job prospects, see cybercrime as an easy way to make money. The relative anonymity and low risk of getting caught make it an appealing option. This misperception, that cybercrime is a distant threat, can cause us to overlook the fact that these activities might be taking place in our own communities, carried out by individuals who could be our neighbors.

This proximity underscores the importance of addressing cybercrime at a grassroots level. Protecting ourselves, our families, and our businesses starts with community awareness and education. Simple actions—like teaching an elderly relative how to spot a phishing scam or helping a friend avoid falling for an online fraud—can make a substantial difference in reducing the spread of cybercrime.

The Cybersecurity Talent Crisis

While the ranks of cybercriminals are growing, there is a parallel, and troubling, shortage of cybersecurity professionals to counter them. The issue isn't just a lack of interest but a daunting barrier to entry. Becoming proficient in cybersecurity requires years of specialized training and continuous learning, given the evolving nature of cyber threats. In contrast, cybercrime often offers an easier, faster route to financial rewards.

Cybersecurity, like the medical field, demands both expertise and precision, with little margin for error. It’s a high-pressure career that can seem overwhelming to newcomers. This has raised a vital question: How can we make cybersecurity roles more appealing, especially to those who might be tempted by the quick gains of cybercrime?

What Can We Do to Deter Cybercrime?

Many suggest that harsher penalties for cybercriminals might deter others from engaging in illegal activities. However, punishment alone is rarely enough. The common belief among cybercriminals that they won’t be caught often negates the fear of any consequences.

A more effective solution might lie in early education. If young people were taught about both the personal and legal consequences of cybercrime, as well as the lucrative, legitimate opportunities in cybersecurity, they might be less inclined to stray toward illegal activities. Introducing cyber awareness programs in schools and promoting cybersecurity as a viable career path could shift perceptions and steer individuals away from crime before they are tempted by it.

Additionally, offering better financial incentives in the cybersecurity field could be a game-changer. If cybersecurity professionals were compensated in line with the risks and responsibilities of their roles, especially when compared to the quick financial gains of cybercrime, it might attract more talent into the profession.

Are We Doing Enough to Catch Cybercriminals?

While prevention is essential, law enforcement must also be equipped to apprehend cybercriminals. Unfortunately, the resources dedicated to cybercrime often lag behind the scale and sophistication of the threat. Law enforcement agencies need access to cutting-edge tools and training to effectively investigate, track, and arrest cybercriminals.

International cooperation is another significant challenge. Since cybercriminals often operate across borders, jurisdictional issues can slow down investigations or lead to legal loopholes. Strengthening global partnerships and fostering collaboration between governments is critical if we hope to keep pace with cybercrime.

However, it's crucial not to focus solely on reactive measures. A proactive approach, including better prevention strategies, technological advancements, and early detection systems, will be key to staying ahead of cybercriminals.

Making Cybersecurity Careers More Attractive

Addressing the cybersecurity skills gap is not just about training more individuals, it’s about making these careers more attractive and sustainable. Offering accessible training programs, mentorship, and financial incentives could help build a more robust pipeline of cybersecurity talent. This could include faster certification processes that still maintain high standards, giving entry-level professionals a chance to get real-world experience sooner.

Work-life balance, job satisfaction, and stress reduction also need attention. The high-pressure nature of cybersecurity roles can lead to burnout, which in turn pushes talented individuals out of the field. By addressing these challenges, we can retain more professionals and create a more appealing career path.

Final Thoughts

Cybercrime is growing rapidly, fueled by the promise of easy money and the misconception that there is little risk of being caught. But combating it starts with local action, through education, awareness, and making legitimate cybersecurity careers more accessible and rewarding.

We must ask ourselves: Are we doing enough to deter cybercrime, both through education and law enforcement? Could financial incentives and early education programs help steer people away from illegal activities?

As we look toward the future, we must also consider how to prepare the next generation. By improving cybersecurity education and making the profession more accessible and appealing, we can prevent more people from being lured into the world of cybercrime.

What role can you play in this fight? Could you help educate those around you about the dangers of cybercrime, or even inspire someone to pursue a legitimate career in cybersecurity? Cybercrime isn’t going to go away, but we all can play a small role that adds up to help reduce the issue.

Stay safe stay secure.

Dan Dueck 

Microdyne Computer Services