
How does phishing deceive the user's brain? Google claims that only 10% of people did it right.

Simple and effective: getting someone to click a malicious link in an email and enter personal information such as a password is an essential skill for many hackers. Phishing is the most common form of network attack, and it is still growing.

According to ongoing research by Google and the University of Florida, phishing is so effective because its strategies are tailored to how the human brain works. Most importantly, emotional intelligence, cognitive motivation, emotions, hormones and even personality make the trap hard for people to spot.

Daniela Oliveira, a Google researcher, said at the Black Hat Cyber Security Conference in Las Vegas that we are all vulnerable to phishing attacks because phishing tricks the way our brains make decisions.

The problem starts with awareness: according to Daniela, a Google researcher, 45% of Internet users don't even know what phishing is.

Emotion also plays a role: people who are optimistic, happy and less stressed are more likely to be deceived. Cortisol, a stress hormone, can improve vigilance and make people more likely to detect deception. Serotonin and dopamine, two hormones related to positive emotions, can lead to dangerous and unpredictable behaviors, making people more vulnerable.

Phishers are also particularly good at fabricating messages that persuade users to click. Authority is one of the most common and effective weapons, such as an email claiming to be from the CEO of a company and asking employees to provide some information by clicking on a link. Framing a message in terms of gain or loss is another common tactic, such as a notice of a Taobao shopping refund.

Some phishing emails also exploit emotions. After the devastating, record-breaking forest fire in California in 2018, many users' Google mailboxes immediately received emails seeking help for the victims. Emotional hooks, such as a promise to donate money to people forced to leave their homes, weaken the recipient's ability to judge whether the email is genuine. Because the incident itself is real, hackers use it to divert people's attention and trigger an emotional reaction, which reduces people's doubts about the authenticity of the email.

But this does not mean that the only way to prevent phishing is to be a person who is always stressed and cynical. A healthier and more effective way is to enable two-factor authentication for every important login (e-mail, online banking or Alipay, WeChat, Weibo, shopping websites such as Taobao and JD.COM, and other social media). The following is a list of all sites that support two-factor authentication.

For example, when you log in, in addition to asking for the password, the system also sends an SMS verification code to your mobile phone. Face recognition, fingerprint recognition or a physical security key such as a U shield are all reliable second-factor authentication methods. In this way, if you accidentally reveal your password to hackers in a phishing scam, they still can't log in to your account. However, according to Google's survey, less than 10% of users have enabled two-factor authentication on their accounts.