By Bruce Sussman
Mon | Jul 23, 2018 | 8:39 AM PDT

I've just started re-reading one of my favorite leadership books that I haven't read for at least 20 years.

Dale Carnegie's "How to Win Friends & Influence People" is a true classic that focuses on the fine art of human relations and handling others with a positive approach. 

A lot of people who post mean things on social media could stand to read this book! Then again, they're probably too busy scanning their Facebook feed to pick it up.

Carnegie talks about the principles behind phishing

I was fascinated by what I read in Chapter 3.

Carnegie talks about fishing for people, and in the process explains why phishing for people in cyber attacks works so well. Check this out:

"I often went fishing up in Maine during the summer. Personally, I am very fond of strawberries and cream, but I have found that for some strange reason, fish prefer worms. So when I went fishing, I didn't think about what I wanted. I thought about what they wanted. I didn't bait the hook with strawberries and cream. Rather, I dangled a worm or a grasshopper in front of the fish and said: 'Wouldn't you like to have that?' Why not use the same common sense when fishing for people?"

And that is, in fact, exactly what the perpetrators of well-crafted phishing and Business Email Compromise (BEC) campaigns do: they give people a chance to click in order to get, or keep, something they want.

Just last week, for example, a Department of Justice indictment detailed 20 tricks that Russian hackers used to successfully phish so many staffers at the Democratic National Committee.

The hackers spoofed a DNC employee's email address and sent out a phishing email whose lure was a document named "clinton-favorable-rating.xlsx," which dozens of people opened. After all, if you are dedicating your career to electing Hillary as president, how could you resist a document like that? You need to know where things stand.

And think about the other phishing and BEC scams happening right now that offer us the chance to take action and get what we want:

  • Scammers say your social media or email account will be deactivated. You take action (and get phished) because "I want to keep my access."
  • Scammers say your bank account or PayPal account is locked. You take action because "I must have access to my money."
  • In a BEC wire transfer scam, a spoofed message tells the new person in accounting to send a payment. They take action because "I want to respond quickly and make a good first impression."
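The three lures above, together with the spoofed-sender tactic used against the DNC, are concrete enough to turn into a mail-filter heuristic. The following is an added example, not code from the original post or from SecureWorld: it scores a raw message on the lure categories the post lists (keep access, reach your money, urgent payment) and on sender-impersonation signals (a Reply-To that goes elsewhere, a look-alike domain, a display name that belongs to a known staffer but an address that does not). The home domain `example.org`, the `KNOWN_STAFF` directory, the phrase lists and all three sample messages are constructed assumptions for illustration, not a vetted ruleset.

```python
"""Added example (not from the original post): heuristic scoring of phishing
lures and sender-impersonation signals over raw RFC 822 messages.
All domains, staff entries and sample messages are constructed for illustration."""
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
import re

INTERNAL_DOMAIN = "example.org"                      # assumed home domain of the recipient org
KNOWN_STAFF = {"jane doe": "jane.doe@example.org"}   # assumed directory entry (display name -> address)

# Lure categories from the post, with illustrative phrases that express each one.
LURES = {
    "keep_access":    [r"deactivat", r"suspend", r"lose access", r"verify your account"],
    "money_access":   [r"\blocked\b", r"unusual activity", r"restore access to your (?:funds|money)"],
    "urgent_payment": [r"\bwire\b", r"\btransfer\b", r"before (?:noon|end of day)", r"as soon as possible"],
}


def lookalike(domain: str, target: str) -> bool:
    """True when domain is near-identical to target but not equal (e.g. exarnple.org vs example.org)."""
    return domain != target and SequenceMatcher(None, domain, target).ratio() >= 0.85


def score_message(raw: str) -> dict:
    """Return the matched lure/sender signals; 'suspicious' needs a lure AND a sender signal."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""   # sample messages are plain text
    text = (msg.get("Subject", "") + "\n" + body).lower()
    reasons = [f"lure:{name}" for name, pats in LURES.items()
               if any(re.search(p, text) for p in pats)]

    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != from_domain:
        reasons.append("sender:reply_to_mismatch")       # replies are routed away from the From domain
    if lookalike(from_domain, INTERNAL_DOMAIN):
        reasons.append("sender:lookalike_domain")        # typo-squat of the home domain
    known = KNOWN_STAFF.get(name.strip().lower())
    if known and known.lower() != addr.lower():
        reasons.append("sender:display_name_impersonation")  # real name, wrong mailbox

    has_lure = any(r.startswith("lure:") for r in reasons)
    has_sender = any(r.startswith("sender:") for r in reasons)
    return {"reasons": reasons, "suspicious": has_lure and has_sender}


# Constructed sample messages (not real mail).
WIRE = """From: Jane Doe <jane.doe@exarnple.org>
To: newhire@example.org
Subject: Quick favor
Reply-To: jane.doe.cfo@mail-example.net

Hi, I need you to transfer $18,400 to the vendor before end of day. Please handle it as soon as possible.
"""

ACCOUNT = """From: IT Helpdesk <helpdesk@examp1e.org>
To: staff@example.org
Subject: Your account will be deactivated in 24 hours

Your mailbox has been flagged. Verify your account now or lose access.
"""

BENIGN = """From: Jane Doe <jane.doe@example.org>
To: newhire@example.org
Subject: Welcome aboard

Welcome to the team. Let's grab coffee this week.
"""

if __name__ == "__main__":
    for label, sample in (("wire", WIRE), ("account", ACCOUNT), ("benign", BENIGN)):
        print(label, score_message(sample))
```

Requiring both a lure and a sender signal before flagging keeps a genuine "reset your password" notice from the real helpdesk out of quarantine, while still catching the wire-request and account-lockout lures when they arrive from a look-alike domain or with a redirected Reply-To. The phrase lists are deliberately short; in practice they would be tuned against the organization's own mail.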

Carnegie cites other examples in his book and sums it up this way: You must "bait the hook to suit the fish" if you want to influence others to act. 

And in 2018, hackers are doing just that. They are baiting the hook to suit the phish.

This is why SecureWorld offers so many resources around Security Awareness, including our recent (and complimentary) web conference, "Cybersecurity Heroes Aren't Born... They're Made," which you can watch on-demand.