People should learn how to spot the tactics companies (and, more importantly, criminals) use to persuade customers (or marks), especially when those tactics are used deceitfully, according to Eric Ravenscraft at WIRED. Ravenscraft describes various ways user experience (UX) design can be used to manipulate people.
“The term ‘dark patterns’ was first coined by UX specialist Harry Brignull to describe the ways in which software can subtly trick users into doing things they didn’t mean to do, or discouraging behaviour that’s bad for the company,” Ravenscraft explains. “When you want to unsubscribe from a mailing list, but the ‘Unsubscribe’ button is tiny, low-contrast, and buried in paragraphs of text at the bottom of an email, it’s a strong sign the company is putting up subtle roadblocks between you and cancellation.”
Ravenscraft notes that these tactics aren’t always intentional, but they can still influence a user into doing something they don’t want to do.
“Not all dark patterns are designed maliciously, and some UX designers might not even be aware that they’ve built a system that’s tricking users,” he writes. “In many cases, designers might just be doing what works. But being cognizant of how app design plays on human biases is key to avoid falling victim to dark patterns.”
Sometimes, however, companies do use these patterns unscrupulously (though not necessarily illegally).
“The trouble comes when the company that makes an app or site has different priorities than the person using it,” Ravenscraft writes. “For example, when you sign up for a monthly subscription service, most companies will make that process easy. However, if you want to cancel, the company might put a couple of speed bumps in the way to discourage you. Sometimes this can be subtle, like making the ‘Never mind, I’d like to stay’ button bright and colourful while making the ‘Yes, I really want to cancel, let’s get on with it’ button more subtle.”
Ravenscraft concludes that education is the best defence against these tactics. He quotes UX designer Harry Brignull as saying, “If you know what cognitive biases are and the kind of tricks that can be used to change your mind to persuade you to do things, then you’re less likely to have them trick you.”
There’s nothing wrong with persuasion, but it’s always good to understand how it works when you’re on the receiving end. New-school security awareness training can enable your employees to recognize when they’re being manipulated, whether it’s by harmless marketing tactics, underhanded business ploys, or malicious phishing tricks.
WIRED has the story.